Topic: New security vulnerability, mongrel DOS
Posted: 2006-10-27

http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html

A DoS (denial-of-service) attack affecting Mongrel servers and Litespeed servers; the latter is probably not widely used in China.

http://litespeedtech.com/

Problem

Zed Shaw makes a full report here, explaining that: ...there has been an exploitable bug in the Ruby CGI library named cgi.rb, which allows anyone on the internet to send a single HTTP request to any Ruby program (not just Mongrel) using cgi.rb multipart parsing with a malformed MIME body that causes the Ruby process to go into a 99% CPU infinite loop, killing it.

The fix is to update Mongrel:

gem install mongrel --source=http://mongrel.rubyforge.org/releases

Please keep an eye on security issues at all times.