CVE-2008-4310

Ruby 1.8.1 and 1.8.5 - Denial of Service via Crafted HTTP Request


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4310. PoCs published by Keita Yamaguchi.

AI-analyzed exploit summary: This exploit targets a denial-of-service vulnerability in Ruby's WEBrick HTTP server by sending a crafted HTTP request with a malformed 'If-None-Match' header. The vulnerability affects Ruby versions 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423.

Description

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Keita Yamaguchi · rubydosmultiple
https://www.exploit-db.com/exploits/32222

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Ruby WEBrick HTTP Server (versions 1.8.5, 1.8.6-p286, 1.8.7-p71, 1.9 r18423)
No auth needed
Prerequisites: A running WEBrick HTTP server on the target system
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=470252
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0981.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/12/04/2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33013

Scores

EPSS 0.0619
EPSS Percentile 91.1%

Details

CWE CWE-399
Status published
Products (3)
ruby-lang/ruby 1.8.1
ruby-lang/ruby 1.8.5
rubygems/webrick 0 - 1.3.1 (RubyGems)
Published Dec 09, 2008
Tracked Since Feb 18, 2026