CVE-2008-4310
WEBrick Denial of Service Vulnerability
EPSS 6.2%
Description
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
How to fix CVE-2008-4310
To remediate CVE-2008-4310, upgrade the affected package to the fixed version listed below.
- RubyGems/webrick—upgrade to 1.3.1 or later
Is CVE-2008-4310 being exploited?
Moderate — EPSS is 6.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- RubyGems/webrick: from 0, < 1.3.1