Description
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Product(s):
- Yukihiro Matsumoto Ruby 1.6.7
- Yukihiro Matsumoto Ruby 1.6
- Yukihiro Matsumoto Ruby 1.8.1
- Yukihiro Matsumoto Ruby 1.8.2 Pre1
- Yukihiro Matsumoto Ruby 1.8.2 Pre2
- Yukihiro Matsumoto Ruby 1.8
- Gentoo Linux
- Gentoo Linux 1.2
- Gentoo Linux 1.4
- Gentoo Linux 1.4 -
- Gentoo Linux 1.4 rc1
- Gentoo Linux 1.4 rc2
- Gentoo Linux 1.4 rc3
- Gentoo Linux 2.1.30 r9
- Gentoo Linux 2.2.28 r7
- Gentoo Linux 2.3.30 r2
- MandrakeSoft Mandrake Linux 10.0
- MandrakeSoft Mandrake Linux 10.0 on AMD64
- MandrakeSoft Mandrake Linux 10.1
- MandrakeSoft Mandrake Linux 10.1 on x86_64
- MandrakeSoft Mandrake Linux 9.2
- MandrakeSoft Mandrake Linux 9.2 on AMD64
- MandrakeSoft Mandrake Linux Corporate Server 2.1
- MandrakeSoft Mandrake Linux Corporate Server 2.1 on x86_64
- Ubuntu Linux 4.1 on IA64
- Ubuntu Linux 4.1 on PPC
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0983, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0983 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.