LiteSpeed Technologies
  #1  
Old 10-28-2006, 09:56 AM
subBlue
Member
 
Join Date: Oct 2006
Posts: 42
Security vulnerability in Ruby's CGI could cause DoS on LS servers

Just a heads up to this:
http://blog.evanweaver.com/articles/...-vulnerability

Apparently LS is susceptible too.
  #2  
Old 10-28-2006, 01:27 PM
xing
LiteSpeed Staff
 
Join Date: Oct 2003
Location: Los Angeles, California
Posts: 380
This affects cgi.rb and all programs that use it.

LiteSpeed Ruby-LSAPI should not be affected. You would only be affected if you use Mongrel behind LiteSpeed or straight-through Rails using plain CGI.

This is a Ruby cgi.rb module problem. In fact, the author of the bug notes that LiteSpeed's internal timeout system will kill the runaway process, unlike other implementations.

Regardless, we will keep an eye on this.
All times are GMT -7. The time now is 10:31 PM.


