Denial of Service in WEBrick Server Affects Ruby Versions
CVE-2018-8777

7.5 HIGH

Key Information:

Vendor: Ruby-lang
Status: Vendor
CVE Published: 3 April 2018

What is CVE-2018-8777?

The WEBrick server bundled with Ruby has a vulnerability that allows an attacker to send an oversized HTTP request, containing either a crafted header or a large body, causing the server to consume excessive memory and potentially resulting in a denial of service. This can disrupt the availability of applications that rely on WEBrick, particularly those running Ruby versions that predate the fix. Developers and system administrators should ensure that they are running updated Ruby versions to mitigate this risk.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
