What is CVE-2008-3656?

CVE-2008-3656 is a vulnerability in N/a. Published 2008-08-13.

Is CVE-2008-3656 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423…

EPSS: 0.793 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

oval:org.mitre.oval:def:9682 (x_refsource_OVAL, signature, vdb-entry)
31430 (x_refsource_SECUNIA, third-party-advisory)
31697 (x_refsource_SECUNIA, third-party-advisory)
USN-651-1 (x_refsource_UBUNTU, vendor-advisory)
ruby-webrick-dos(44371) (vdb-entry, x_refsource_XF)
support.apple.com/kb/HT3549 (x_refsource_CONFIRM)
wiki.rpath.com/wiki/Advisories:rPSA-2008-0264 (x_refsource_CONFIRM)
DSA-1652 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2008-8736 (x_refsource_FEDORA, vendor-advisory)
35074 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2008-3656?: CVE-2008-3656 is a vulnerability in N/a. Published 2008-08-13.
Is CVE-2008-3656 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.