Security vulnerability in Ruby's CGI could cause DoS on LS servers

[subBlue]

Just a heads up to this:
http://blog.evanweaver.com/articles/2006/10/25/mongrel-denial-of-service-vulnerability

Apparently LS is susceptible too.

 

[xing]

This is affects cgi.rb and all programs that use that.

LiteSpeed Ruby-LSAPI should not be affected. You would only be affected if you use Mongrel behind LiteSpeed or straight-through Rails using plain CGI.

This is a Ruby cgi.rb module problem. In fact, the author of the bug notes that litespeed's internal timeout system will kill the run-away process unlike other implementations.

Regardless, we will keep an eye on this.