[Mongrel] [SEC] Mongrel Temporary Fix For cgi.rb 99% CPU DoS Attack

Ian C. Blenke ian at blenke.com
Fri Oct 27 10:39:20 EDT 2006

Sam Giffney wrote:

>Anyway I fixed this by running Ian's patch with
>which is the current cgi.rb from the ruby1.8 branch rather than the Main branch.

Yeah, I think Zed's gem fix is the best approach - it patches the 
missing end boundary spin problem without any other side effects:
    gem install cgi_multipart_eof_fix 

I've dropped the cgi.rb update directly from CVS and moved to this fix 
myself, which seems to work just fine.

Kudos Zed.

 - Ian C. Blenke <ian at blenke.com> http://ian.blenke.com/
