ID CVE-2012-6109
Summary lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
References
Vulnerable Configurations
  • cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2013:0544
  • rhsa
    id RHSA-2013:0548
rpms
  • apache-commons-codec-0:1.7-2.el6_3
  • apache-commons-codec-debuginfo-0:1.7-2.el6_3
  • apache-mime4j-0:0.6-4_redhat_1.ep6.el6.1
  • apache-mime4j-javadoc-0:0.6-4_redhat_1.ep6.el6.1
  • candlepin-0:0.7.23-1.el6_3
  • candlepin-devel-0:0.7.23-1.el6_3
  • candlepin-selinux-0:0.7.23-1.el6_3
  • candlepin-tomcat6-0:0.7.23-1.el6_3
  • elasticsearch-0:0.19.9-5.el6_3
  • katello-certs-tools-0:1.2.1-1h.el6_3
  • katello-cli-0:1.2.1-12h.el6_3
  • katello-cli-common-0:1.2.1-12h.el6_3
  • katello-common-0:1.2.1-15h.el6_3
  • katello-configure-0:1.2.3-3h.el6_3
  • katello-glue-candlepin-0:1.2.1-15h.el6_3
  • katello-headpin-0:1.2.1-15h.el6_3
  • katello-headpin-all-0:1.2.1-15h.el6_3
  • katello-selinux-0:1.2.1-2h.el6_3
  • lucene3-0:3.6.1-10h.el6_3
  • lucene3-contrib-0:3.6.1-10h.el6_3
  • puppet-0:2.6.17-2.el6cf
  • puppet-server-0:2.6.17-2.el6cf
  • quartz-0:2.1.5-4.el6_3
  • rubygem-activesupport-1:3.0.10-10.el6cf
  • rubygem-apipie-rails-0:0.0.12-2.el6cf
  • rubygem-ldap_fluff-0:0.1.3-1.el6_3
  • rubygem-mail-0:2.3.0-3.el6cf
  • rubygem-mail-doc-0:2.3.0-3.el6cf
  • rubygem-rack-1:1.3.0-3.el6cf
  • rubygem-ruby_parser-0:2.0.4-6.el6cf
  • rubygem-ruby_parser-doc-0:2.0.4-6.el6cf
  • sigar-0:1.6.5-0.12.git58097d9h.el6_3
  • sigar-debuginfo-0:1.6.5-0.12.git58097d9h.el6_3
  • sigar-java-0:1.6.5-0.12.git58097d9h.el6_3
  • snappy-java-0:1.0.4-2.el6_3
  • snappy-java-debuginfo-0:1.0.4-2.el6_3
  • thumbslug-0:0.0.28-1.el6_3
  • thumbslug-selinux-0:0.0.28-1.el6_3
  • ruby-nokogiri-0:1.5.0-0.9.beta4.el6cf
  • rubygem-activesupport-1:3.0.10-10.el6cf
  • rubygem-delayed_job-0:2.1.4-3.el6cf
  • rubygem-delayed_job-doc-0:2.1.4-3.el6cf
  • rubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf
  • rubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf
  • rubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf
  • rubygem-rack-1:1.3.0-3.el6cf
  • rubygem-rails_warden-0:0.5.5-2.el6cf
  • rubygem-rails_warden-doc-0:0.5.5-2.el6cf
  • rubygem-rdoc-0:3.8-6.el6cf
  • rubygem-rdoc-doc-0:3.8-6.el6cf
  • rubygem-rspec-rails-0:2.6.1-7.el6cf
  • rubygem-rspec-rails-doc-0:2.6.1-7.el6cf
  • rubygem-ruby_parser-0:2.0.4-6.el6cf
  • rubygem-ruby_parser-doc-0:2.0.4-6.el6cf
  • rubygem-shoulda-0:2.11.3-5.el6cf
  • rubygem-shoulda-doc-0:2.11.3-5.el6cf
refmap via4
confirm
misc
Last major update 13-08-2018 - 21:47
Published 01-03-2013 - 05:40
Last modified 13-08-2018 - 21:47
Back to Top