GHSA SYNC: Another brand new advisory

jasnow · Feb 9, 2024 · 5da4960 · 5da4960
1 parent 0387f6f
commit 5da4960
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/gems/webrick/CVE-2008-4310.yml b/gems/webrick/CVE-2008-4310.yml
@@ -0,0 +1,26 @@
+---
+gem: webrick
+cve: 2008-4310
+ghsa: wfrc-r6c6-7j9r
+url: https://bugzilla.redhat.com/show_bug.cgi?id=470252
+title: WEBrick Denial of Service Vulnerability
+date: 2008-12-08
+description: |
+  httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat
+  Enterprise Linux 4 and 5, allows remote attackers to cause a
+  denial of service (CPU consumption) via a crafted HTTP request.
+
+  NOTE: This issue exists because of an incomplete fix for CVE-2008-3656.
+cvss_v2: 7.8
+patched_versions:
+  - ">= 1.3.1"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2008-4310
+    - https://github.com/ruby/webrick/commit/b2ccd5ff7ddd67a4548299e110dcc5a4728a5534
+    - http://www.openwall.com/lists/oss-security/2008/12/04/2
+    - https://bugzilla.redhat.com/show_bug.cgi?id=470252
+    - https://oval.cisecurity.org/repository/search/definition/oval
+    - http://www.redhat.com/support/errata/RHSA-2008-0981.html
+    - https://web.archive.org/web/20111230125610/http://secunia.com/advisories/33013
+    - https://github.com/advisories/GHSA-wfrc-r6c6-7j9r