Date: Fri, 29 Dec 2006 11:48:28 -0500
From: Rob Muhlestein <rob@muhlestein.net>
Subject: [webricken:164] WEBrick DOS Security Vulnerability
To: webricken@notwork.org
Message-Id: <1167410909.4215.25.camel@dads>
X-Mail-Count: 00164

Pardon a bit of apparently bad news. I also posted this to
ruby-talk/comp.lang.ruby.

This looks as bad as the CGI DOS a couple months back for anyone running
WEBrick as an actual public server, and not just during Rails
development and testing.

http://rob.muhlestein.net/2006/12/webrick-security-flaw.html

Collaborating a bit with ruby-talk guys on a SafeReader gem that might
address this, but don't imagine you want to wait for that nor incur the
overhead for now until we can get a C extension version finished.

If I've overlooked something, please let me know. Thanks.

-- 
Rob Muhlestein
http://rob.muhlestein.net