Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
Attackers exploit this issue with standard network utilities. The following Ruby command will issue a request sufficient to trigger this issue:

    ruby -rsocket -e 'TCPSocket.open("www.example.com", 10080) {|s| s.print "GET /z HTTP/1.0\r\n\r\n"; sleep }'

This is demonstrated to work with the Ruby demonstration 'httpd.rb' file. By placing a 100k file called 'z' in the document root of the demonstration server, and then executing this Ruby command, further requests will be denied.
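An added defensive example, not part of the original advisory or of 'httpd.rb': it assumes the denial of service comes from the server blocking in a socket write to a client that never reads, and bounds the response write with a deadline so the server can drop such a client. The names write_with_deadline, serve_to and BODY are hypothetical, and the 8 MiB body and local socket pair are constructed test input.

```ruby
require "socket"

# Hypothetical helper (not from httpd.rb): send +data+ on +sock+ but give up
# once +timeout+ seconds have passed in total, so a peer that never reads
# cannot hold the serving thread forever. Returns [:ok, n] or [:stalled, n].
def write_with_deadline(sock, data, timeout)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout
  sent = 0
  while sent < data.bytesize
    n = sock.write_nonblock(data.byteslice(sent, 64 * 1024), exception: false)
    if n == :wait_writable
      # Kernel buffers are full: the peer is not draining the response.
      left = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
      return [:stalled, sent] if left <= 0 || IO.select(nil, [sock], nil, left).nil?
    else
      sent += n
    end
  end
  [:ok, sent]
end

# Constructed test body. It is larger than the 100k file in the report because
# current kernel socket buffers may absorb 100k without the writer blocking.
BODY = ("z" * 1023 + "\n") * 8192 # 8 MiB

# Serve BODY over a local socket pair to a peer that either reads or idles.
# Returns [status, bytes_sent, bytes_received_by_peer].
def serve_to(peer_reads, timeout = 0.5)
  server_side, client_side = UNIXSocket.pair
  received = 0
  reader = Thread.new do
    begin
      received += client_side.readpartial(64 * 1024).bytesize while peer_reads && received < BODY.bytesize
    rescue EOFError
      # Server gave up and closed the connection before the body was complete.
    end
  end
  status, sent = write_with_deadline(server_side, BODY, timeout)
  server_side.close # a stalled peer is disconnected instead of waited on
  reader.join
  [status, sent, received]
ensure
  server_side&.close
  client_side&.close
end

if __FILE__ == $PROGRAM_NAME
  p serve_to(true, 5.0)  # peer that reads the response
  p serve_to(false, 0.5) # idle peer, like the client that only sleeps
end
```

On a :stalled result the server closes that connection and returns to accepting requests; the partial byte count is useful to log alongside the client address.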