| Vulnerability Name: | CVE-2006-1931 (CCN-26102) | ||||||||||||||||||||
| Assigned: | 2005-06-30 | ||||||||||||||||||||
| Published: | 2005-06-30 | ||||||||||||||||||||
| Updated: | 2018-10-03 | ||||||||||||||||||||
| Summary: | The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. | ||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||
| References: | Source: CCN Type: Ruby FTP Web page ruby-1.8.3 Source: MISC Type: Patch ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch Source: MISC Type: UNKNOWN ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch Source: MISC Type: Patch http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787 Source: MITRE Type: CNA CVE-2006-1931 Source: CCN Type: RHSA-2006-0427 ruby security update Source: CCN Type: SA16904 Ruby Safe-Level Security Bypass and Server Classes Denial of Service Source: SECUNIA Type: UNKNOWN 16904 Source: SECUNIA Type: UNKNOWN 19772 Source: SECUNIA Type: UNKNOWN 19804 Source: SECUNIA Type: UNKNOWN 20024 Source: SECUNIA Type: UNKNOWN 20064 Source: SECUNIA Type: UNKNOWN 20457 Source: SECUNIA Type: UNKNOWN 21657 Source: CCN Type: SECTRACK ID: 1015978 Ruby HTTP/XMLRPC Server Lets Remote Users Block Connections Source: SECTRACK Type: UNKNOWN 1015978 Source: CCN Type: ASA-2006-098 ruby security update (RHSA-2006-0427) Source: DEBIAN Type: UNKNOWN DSA-1157 Source: DEBIAN Type: DSA-1157 ruby1.8 -- several vulnerabilities Source: CCN Type: GLSA-200605-11 Ruby: Denial of Service Source: GENTOO Type: UNKNOWN GLSA-200605-11 Source: MANDRIVA Type: UNKNOWN MDKSA-2006:079 Source: SUSE Type: UNKNOWN SUSE-SR:2006:012 Source: OSVDB Type: UNKNOWN 24972 Source: CCN Type: OSVDB ID: 24972 Ruby HTTP/XMLRPC Blocking Sockets DoS Source: REDHAT Type: UNKNOWN RHSA-2006:0427 Source: BID Type: UNKNOWN 17645 Source: CCN Type: BID-17645 Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability Source: CCN Type: USN-273-1 Ruby vulnerability Source: CCN Type: Red Hat Bugzilla Bug 189540 CVE-2006-1931 Ruby http/xmlrpc server DoS Source: CONFIRM Type: Patch https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540 Source: XF Type: UNKNOWN ruby-socket-dos(26102) Source: XF Type: UNKNOWN ruby-socket-dos(26102) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11100 Source: UBUNTU Type: UNKNOWN USN-273-1 Source: SUSE Type: SUSE-SR:2006:012 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||