Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4310Uncontrolled Resource Consumption in Webrick

CWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
7.8HIGHNVD
EPSS
5.8%
top 9.48%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Ruby-lang WebrickRuby-lang Ruby
Timeline
PublishedDec 9
Latest updateMay 2

Description

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

RubyGemsruby-lang/webrick< 1.3.1
NVDruby-lang/ruby1.8.1, 1.8.5+1

🔴Vulnerability Details

3
GHSA
WEBrick Denial of Service Vulnerability2022-05-02
OSV
WEBrick Denial of Service Vulnerability2022-05-02
CVEList
CVE-2008-4310: httputils2008-12-09

💥Exploits & PoCs

1
Exploit-DB
Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service2008-08-11

📋Vendor Advisories

1
Red Hat
ruby: Incomplete fix for CVE-2008-36562008-12-04

💬Community

1
Bugzilla
CVE-2008-4310 ruby: Incomplete fix for CVE-2008-36562008-11-06
CVE-2008-4310 — Uncontrolled Resource Consumption | cvebase