Oval Definition:oval:org.opensuse.security:def:20083656
Revision Date:2022-05-20Version:1
Title:CVE-2008-3656
Description:

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2008-3656
Mitre CVE-2008-3656
SUSE CVE-2008-3656
SUSE-SA:2009:037
SUSE-SA:2009:037
Platform(s):Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE Linux Enterprise Desktop 11 GA
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise SDK 11 GA
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 GA
SUSE Linux Enterprise Server for SAP Applications 11
Product(s):
Definition Synopsis
  • sles10-sp2-sdk is installed
  • AND Package Information
  • ruby-devel less than 1.8.6.p369-0.4
  • OR ruby-doc-html less than 1.8.6.p369-0.4
  • OR ruby-doc-ri less than 1.8.6.p369-0.4
  • OR ruby-examples less than 1.8.6.p369-0.4
  • OR ruby-test-suite less than 1.8.6.p369-0.4
  • OR ruby-tk less than 1.8.6.p369-0.4
  • OR ruby less than 1.8.6.p369-0.4
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND Package Information
  • ruby-1.8.7.p72-5.22 is installed
  • OR ruby-doc-html-1.8.7.p72-5.22 is installed
  • OR ruby-tk-1.8.7.p72-5.22 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 11 is installed
  • AND Package Information
  • ruby-1.8.7.p72-5.22.1 is installed
  • OR ruby-doc-html-1.8.7.p72-5.22.1 is installed
  • OR ruby-tk-1.8.7.p72-5.22.1 is installed
    • BACK