Vulnerability details: VCID-2yym-f64y-v7hf
Vulnerability ID VCID-2yym-f64y-v7hf
Aliases CVE-2008-4310
GHSA-wfrc-r6c6-7j9r
Summary WEBrick Denial of Service Vulnerability httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Weaknesses (4)
System Score Found at
epss 0.05791 https://api.first.org/data/v1/epss?cve=CVE-2008-4310
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=470252
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-wfrc-r6c6-7j9r
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2008-4310.yml
generic_textual HIGH https://github.com/ruby/webrick
generic_textual HIGH https://github.com/ruby/webrick/commit/b2ccd5ff7ddd67a4548299e110dcc5a4728a5534
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2008-4310
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2008-4310
generic_textual HIGH https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250
generic_textual HIGH https://web.archive.org/web/20111230125610/http://secunia.com/advisories/33013
generic_textual HIGH http://www.openwall.com/lists/oss-security/2008/12/04/2
generic_textual HIGH http://www.redhat.com/support/errata/RHSA-2008-0981.html
Data source Exploit-DB
Date added Aug. 11, 2008
Description Ruby 1.9 - 'WEBrick::HTTP::DefaultFileHandler' Crafted HTTP Request Denial of Service
Ransomware campaign use Known
Source publication date Aug. 11, 2008
Exploit type dos
Platform multiple
Source update date Dec. 21, 2016
Source URL https://www.securityfocus.com/bid/30644/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4310

Exploit Prediction Scoring System (EPSS)
Percentile 0.90461
EPSS Score 0.05791
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:01.755170+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2008-4310.yml 38.0.0