[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack
Ian C. Blenke
ian at blenke.com
Fri Oct 27 10:39:20 EDT 2006
Sam Giffney wrote:
>Anyway I fixed this by running Ian's patch with
>which is the current cgi.rb from the ruby1.8 branch rather than the Main branch.
Yeah, I think Zed's gem fix is the best approach - it patches the
missing end boundary spin problem without any other side effects:

    gem install cgi_multipart_eof_fix

I've dropped the cgi.rb update directly from CVS and moved to this fix
myself, which seems to work just fine.
- Ian C. Blenke <ian at blenke.com> http://ian.blenke.com/