← back
CVE-2006-6303

CVE-2006-6303

EPSS 3.6%
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugs.gentoo.org/show_bug.cgi?id=157048http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287http://docs.info.apple.com/article.html?artnum=305530http://jvn.jp/jp/JVN%2384798830/index.htmlhttp://lists.apple.com/archives/security-announce/2007/May/msg00004.htmlhttp://secunia.com/advisories/23165http://secunia.com/advisories/23268http://secunia.com/advisories/23454http://secunia.com/advisories/25402http://secunia.com/advisories/27576http://secunia.com/advisories/31090http://security.gentoo.org/glsa/glsa-200612-21.xml