CVE-2008-3656

Ruby WEBrick <= 1.8.5 / 1.8.6-p286 / 1.8.7-p71 / 1.9 r18423 - Denial of Service via Backtracking Regex in HTTP Header Parsing


Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3656. Includes Metasploit module auxiliary/dos/http/webrick_regex.

AI-analyzed exploit summary The exploit demonstrates a denial-of-service (DoS) vulnerability in Ruby's WEBrick HTTP server by sending a single unauthenticated HTTP request whose 'If-None-Match' header value is crafted to drive WEBrick::HTTPUtils.split_header_value into catastrophic regular-expression backtracking. The header does not need to be large; it needs the right shape (a run of ordinary characters ending in an unterminated quote is the classic trigger), so the cost is CPU time rather than memory. The value reaches the regex through the ETag comparison in WEBrick's default file handler, which is why the page names that component.

Description

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick, reached through the If-None-Match handling of the default file handler (the CVE text names it WEBrick::HTTP::DefaultFileHandler; the class in the Ruby source is WEBrick::HTTPServlet::DefaultFileHandler), in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423. It allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request whose header value is processed by a backtracking regular expression. Because the request is unauthenticated and each request ties up the thread serving it, a few requests are enough to starve a WEBrick instance.

Exploits (2)

exploitdb WORKING POC
rubydosmultiple
https://www.exploit-db.com/exploits/32222

The exploit sends a crafted HTTP request with a malformed 'If-None-Match' header to Ruby's WEBrick HTTP server. The header value is shaped so that the regular expression WEBrick uses to split header values backtracks catastrophically, pinning the CPU; the request is reached through the ETag check in WEBrick's default file handler.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Ruby (WEBrick HTTP server) 1.8.5 and earlier, 1.8.6 up to 1.8.6-p286, 1.8.7 up to 1.8.7-p71, and 1.9 up to r18423
No auth needed
Prerequisites: A running WEBrick HTTP server with an accessible endpoint
devstral-2 · analyzed Feb 19, 2026
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/webrick_regex.rb

This Metasploit module exploits a DoS vulnerability in Ruby's WEBrick HTTP server by sending a crafted HTTP request whose 'If-None-Match' header value forces WEBrick's header-splitting regular expression into catastrophic backtracking, causing excessive CPU consumption. No authentication is required and the request is a plain GET.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Ruby WEBrick (versions 1.8.5 and earlier, 1.8.6 to 1.8.6-p286, 1.8.7 to 1.8.7-p71, 1.9 to r18423)
No auth needed
Prerequisites: Network access to the target WEBrick server
devstral-2 · analyzed Feb 16, 2026
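The description and both exploit summaries above talk about a "crafted" header and a "backtracking regular expression" without showing either. The following is an added example, not code from this page, from the exploits it lists, or from Ruby/WEBrick. The regex is modelled on the shape of the pre-fix WEBrick::HTTPUtils.split_header_value pattern as I recall it from the 1.8 source and is an assumption, not a quotation; the hardened parser is my own linear-time replacement and is not WEBrick's patched code; the host and path in the request builder are placeholders. It shows the header value that triggers the blowup, the raw request that carries it, and a splitter that handles the same input in one pass.

```ruby
require 'timeout'

# CVE-2008-3656 is a backtracking (ReDoS) bug, not a size bug.
# ASSUMPTION: this pattern is a from-memory reconstruction of the pre-fix
# WEBrick::HTTPUtils.split_header_value regex, not text from the page.
# Two things make it dangerous: scan() without a \G anchor retries from
# every offset, and the nested quantifier (?:...|[^",]+)+ can split a run
# of plain characters in 2^(n-1) ways before the tail (?:,\s*|\Z) fails
# at an unterminated quote.
VULNERABLE_SPLIT_RE = /((?:"(?:\\.|[^"])+?"|[^",]+)+)(?:,\s*|\Z)/

def split_header_value_vulnerable(str)
  str.scan(VULNERABLE_SPLIT_RE).flatten
end

# Attack value: n ordinary bytes followed by one lone double quote. Every
# partition of the run is tried before the match finally fails.
def crafted_if_none_match(n)
  ('a' * n) + '"'
end

# The request an attacker or a tester sends: one unauthenticated GET.
# host and path are placeholders supplied by the caller.
def crafted_request(host, path, n)
  "GET #{path} HTTP/1.1\r\nHost: #{host}\r\n" \
    "If-None-Match: #{crafted_if_none_match(n)}\r\n\r\n"
end

# Hardened replacement (my own, not WEBrick's fix): one left-to-right pass
# that tracks quoted-string state and backslash escapes and splits on
# unquoted commas. Each byte is examined once, so cost is O(length) for any
# input; an unterminated quote is carried to the end as ordinary text.
def split_header_value_safe(str)
  values = []
  cur = +''
  in_quote = false
  i = 0
  while i < str.length
    c = str[i]
    if in_quote && c == '\\' && i + 1 < str.length
      cur << c << str[i + 1] # escaped byte inside a quoted-string
      i += 1
    elsif c == '"'
      in_quote = !in_quote
      cur << c
    elsif c == ',' && !in_quote
      values << cur.strip unless cur.strip.empty?
      cur = +''
    else
      cur << c
    end
    i += 1
  end
  values << cur.strip unless cur.strip.empty?
  values
end

# Wall-clock cost of the vulnerable splitter on the crafted value, bounded
# by a timeout so the demo cannot hang. Returns seconds, or nil on timeout.
def timed_vulnerable_split(n, limit = 5)
  value = crafted_if_none_match(n)
  t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  Timeout.timeout(limit) { split_header_value_vulnerable(value) }
  Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0
rescue Timeout::Error
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts "benign value: #{split_header_value_safe('"abc", "d,e", W/"f"').inspect}"
  # Each +4 in n should roughly multiply the time by 16 on an engine that
  # backtracks without memoization; Ruby 3.2+ memoizes and stays flat.
  [10, 14, 18].each do |n|
    t = timed_vulnerable_split(n)
    puts "vulnerable regex, n=#{n}: #{t ? format('%.4fs', t) : 'timed out'}"
  end
  big = crafted_if_none_match(100_000)
  puts "safe parser, n=100000: #{split_header_value_safe(big).size} value(s)"
end
```

Both splitters agree on well-formed ETag lists (the test below checks plain, comma-containing and weak W/"..." tags). On the crafted value the regex version returns nothing after a long search while the hand-written parser returns the single malformed token immediately, which is the behaviour you want from code that sits in front of an unauthenticated socket. If you run this on Ruby 3.2 or later the timings stay flat because that release added regexp memoization; to see the exponential curve, run it on an older interpreter.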

References (30)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31430
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31697
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/651-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44371
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3549
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1652
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35074
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1651
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30644
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0897.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32219
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020654
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32255
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1297
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/495884/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32371
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32165
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200812-17.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33178
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2334
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32256

Scores

EPSS 0.7933 (estimated probability of exploitation activity in the next 30 days)
EPSS Percentile 99.1%

Details

CWE
CWE-399 (Resource Management Errors)
Status published
Products (11)
ruby-lang/ruby 1.6.8
ruby-lang/ruby 1.8.0
ruby-lang/ruby 1.8.1 (2 CPE variants)
ruby-lang/ruby 1.8.2 (4 CPE variants)
ruby-lang/ruby 1.8.3 (4 CPE variants)
ruby-lang/ruby 1.8.4 (4 CPE variants)
ruby-lang/ruby 1.8.5 p11 (11 CPE variants)
ruby-lang/ruby 1.8.6 (6 CPE variants)
ruby-lang/ruby 1.8.7 (8 CPE variants)
ruby-lang/ruby 1.9.0
... and 1 more
Published Aug 13, 2008
Tracked Since Feb 18, 2026