Security vulnerability in Ruby's CGI could cause DoS on LS servers

Discussion in 'Bug Reports' started by subBlue, Oct 28, 2006.

  1. subBlue

    subBlue Active Member

  2. xing

    xing LiteSpeed Staff

    This affects cgi.rb and all programs that use that.

    LiteSpeed Ruby-LSAPI should not be affected. You would only be affected if you use Mongrel behind LiteSpeed or straight-through Rails using plain CGI.

    This is a Ruby cgi.rb module problem. In fact, the author of the bug notes that LiteSpeed's internal timeout system will kill the runaway process, unlike other implementations.

    Regardless, we will keep an eye on this.
