=====================================================================
CERT-Renater Information Note No. 2010/VULN316
_____________________________________________________________________

DATE                   : 16/08/2010
HARDWARE PLATFORM(S)   : /
OPERATING SYSTEM(S)    : Systems running Ruby versions 1.8.x, 1.9.x,
                         development versions of Ruby 1.9.
======================================================================

http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
______________________________________________________________________

XSS in WEBrick (CVE-2010-0541)

A possible security vulnerability in WEBrick. The vulnerability has been
reported as CVE-2010-0541.

Description

WEBrick has had a cross-site scripting vulnerability that allows an
attacker to inject arbitrary script or HTML via a crafted URI. This does
not affect user agents that strictly implement HTTP/1.1; however, some
user agents do not.

The affected versions are:

* Ruby 1.8.6-p399 or any prior release.
* Ruby 1.8.7-p299 or any prior release.
* Ruby 1.9.1-p429 or any prior release.
* Ruby 1.9.2 RC2 or any prior release.
* Development versions of Ruby 1.9 (1.9.3dev).

We recommend upgrading your Ruby to the newest patch level release.

Solutions

* Fixes for 1.8.6, 1.8.7 and 1.9.1 are to follow this announcement.
  o 1.8.6:
  o 1.8.7: please upgrade to 1.8.7 patchlevel 302
  o 1.9.1: please upgrade to 1.9.1 patchlevel 430
* For development versions, please update to the most recent revision of
  each development branch.
* You can also fix the vulnerability by applying a patch to
  $(libdir)/ruby/${ruby_version}/webrick/httpresponse.rb. The patch is
  available at . It is written by Hirokazu NISHIO.

  SIZE:   466 bytes
  MD5:    395585e1aae7ddef842f0d1d9f5e6e07
  SHA256: 6bf7dea0fc78f0425f5cbb90f78c3485793f27bc60c11244b6ba4023445f3567

Credit

The vulnerability was found by Apple and reported to the Ruby security
team by Hideki Yamane. *1

Updates

* Originally published at 2010-08-16 10:26:03 JST.
* 1.9.1 patchlevel 430 released.
* 1.8.7 patchlevel 301 released.
* 1.8.7 patchlevel 302 released because pl301 was broken. Please use it
  instead.
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER            | tel  : 01-53-94-20-44    +
+ 151 bd de l'Hopital     | fax  : 01-53-94-20-41    +
+ 75013 Paris             | email: certsvp@renater.fr +
=========================================================
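The note names the bug class (a crafted request URI reflected into WEBrick's HTML error page, patched in webrick/httpresponse.rb) and the HTTP/1.1 caveat, but shows no code. The Ruby below is an added example written for this note; it is not WEBrick's code and not the referenced patch. It assumes the reflection happens in a 404 error page and reads the HTTP/1.1 caveat as RFC 2616's rule that a text/* response without a charset parameter defaults to ISO-8859-1: a user agent that honours that default sees a harmless byte sequence, whereas one that sniffs the encoding can be talked into decoding the reflected path as markup. The names CRAFTED_PATH, Response, error_page_vulnerable, error_page_hardened and audit are made up for the example.

```ruby
require "cgi"

# Constructed sample request path: it carries an HTML fragment so that any
# unescaped reflection into the response body is easy to spot.
CRAFTED_PATH = "/nope/<script>alert(1)</script>"

# Minimal model of an HTTP response: status code, header hash, body string.
Response = Struct.new(:status, :headers, :body)

# Vulnerable pattern (illustrative, not WEBrick's actual code): the error
# page interpolates the request path verbatim and declares no charset, so a
# charset-sniffing user agent may decode the page in an encoding the server
# never intended.
def error_page_vulnerable(path)
  body = "<html><body><h1>404 Not Found</h1>" \
         "<p>#{path} not found.</p></body></html>"
  Response.new(404, { "content-type" => "text/html" }, body)
end

# Hardened pattern: HTML-escape everything taken from the request and pin
# the charset so the user agent has nothing to guess.
def error_page_hardened(path)
  safe = CGI.escapeHTML(path)
  body = "<html><body><h1>404 Not Found</h1>" \
         "<p>#{safe} not found.</p></body></html>"
  Response.new(404, { "content-type" => "text/html; charset=ISO-8859-1" }, body)
end

# Check a response for the two conditions the note points at: the marker
# from the crafted path reflected unescaped, and an HTML content-type with
# no charset parameter. Returns the list of findings (empty when clean).
def audit(response, marker)
  findings = []
  ctype = response.headers.fetch("content-type", "")
  findings << :reflected_unescaped if response.body.include?(marker)
  if ctype.start_with?("text/html") && !ctype.match?(/charset=/i)
    findings << :missing_charset
  end
  findings
end

if __FILE__ == $0
  [error_page_vulnerable(CRAFTED_PATH), error_page_hardened(CRAFTED_PATH)].each do |r|
    puts "#{r.headers['content-type']}: #{audit(r, '<script>').inspect}"
  end
end
```

To check a live server instead of the modelled responses, request CRAFTED_PATH from it and hand the status, headers and body to audit; a finding of :reflected_unescaped means the path reaches the page unescaped, and :missing_charset means a non-strict user agent is free to pick the encoding.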