XSS in WEBrick (CVE-2010-0541)

Posted by Yugui on 16 Aug 2010

A possible security vulnerability in WEBrick. The vulnerability has been reported as CVE-2010-0541.

CVE-2010-0541

Description

WEBrick has had a cross-site scripting vulnerability that allows an attacker to inject arbitrary script or HTML via a crafted URI. This does not affect user agents that strictly implement HTTP/1.1; however, some user agents do not.
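As an added illustration, not code from the advisory or from WEBrick itself: a simplified model of an error page that reflects the request URI, beside a hardened form, and a check that flags the two conditions assumed here to matter for this class of bug, an unescaped reflection of the URI and a text/html response with no declared charset (the point at which a user agent that does not strictly follow HTTP/1.1's default may guess the encoding itself). The function names, the page template and the sample path are constructed.

```ruby
require 'cgi'

# Constructed sample: a request path carrying an HTML fragment.
SAMPLE_PATH = "/missing/<b>x</b>"

# Simplified model of an error page that echoes the request URI verbatim
# and declares no charset (assumed shape, not WEBrick's own code).
def unsafe_error_page(request_uri)
  {
    content_type: "text/html",
    body: "<HTML><BODY><H1>Not Found</H1>#{request_uri}</BODY></HTML>"
  }
end

# Hardened form: HTML-escape the echoed URI and state the charset
# explicitly so a lenient user agent has nothing to guess.
def safe_error_page(request_uri)
  {
    content_type: "text/html; charset=ISO-8859-1",
    body: "<HTML><BODY><H1>Not Found</H1>" \
          "#{CGI.escapeHTML(request_uri)}</BODY></HTML>"
  }
end

# Returns the findings for one response: :missing_charset when an HTML
# response declares no charset, :unescaped_reflection when a URI that
# contains markup characters appears in the body unchanged.
def reflected_xss_risk(response, request_uri)
  findings = []
  ctype = response[:content_type].to_s
  if ctype.start_with?("text/html") && ctype !~ /charset=/i
    findings << :missing_charset
  end
  if request_uri =~ /[<>"']/ && response[:body].include?(request_uri)
    findings << :unescaped_reflection
  end
  findings
end

if __FILE__ == $0
  p reflected_xss_risk(unsafe_error_page(SAMPLE_PATH), SAMPLE_PATH)
  p reflected_xss_risk(safe_error_page(SAMPLE_PATH), SAMPLE_PATH)
end
```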

The affected versions are:

  • Ruby 1.8.6-p399 or any prior releases.
  • Ruby 1.8.7-p299 or any prior releases.
  • Ruby 1.9.1-p429 or any prior releases.
  • Ruby 1.9.2 RC2 or any prior releases.
  • Development versions of Ruby 1.9 (1.9.3dev).

We recommend that you upgrade your Ruby to the newest patch level release.

Solutions

  • Fixes for 1.8.6, 1.8.7 and 1.9.1 are to follow this announcement.
  • For development versions, please update to the most recent revision for each development branch.
  • You can also fix the vulnerability by applying a patch to $(libdir)/ruby/${ruby_version}/webrick/httpresponse.rb. The patch is available at <URL:https://cache.ruby-lang.org/pub/misc/webrick-cve-2010-0541.diff>. It was written by Hirokazu NISHIO.

    SIZE: 466 bytes
    MD5: 395585e1aae7ddef842f0d1d9f5e6e07
    SHA256: 6bf7dea0fc78f0425f5cbb90f78c3485793f27bc60c11244b6ba4023445f3567

Credit

The vulnerability was found by Apple and reported to the Ruby security team by Hideki Yamane. *1

Updates

  • Originally published at 2010-08-16 10:26:03 JST.
  • 1.9.1 patchlevel 430 released
  • 1.8.7 patchlevel 301 released
  • 1.8.7 patchlevel 302 released because p301 was broken. Please use p302 instead.

*1 [ruby-dev:42003]
