QwikSec

Security Database

CVE

CWE

Training

CVE-2018-8777

Published: Apr 3, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/

x_refsource_CONFIRM

[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update

mailing-list

x_refsource_MLIST

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/

x_refsource_CONFIRM

[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update

mailing-list

x_refsource_MLIST

openSUSE-SU-2019:1771

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.