PT-2013-1897 · Rack+1

Vincent Danen · Published 2013-02-27 · Updated 2023-02-13 · CVE-2012-6109

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Rack versions 1.1.3 and earlier
Rack versions 1.2.x through 1.2.5
Rack versions 1.3.x through 1.3.6
Rack versions 1.4.x through 1.4.1
Description

The issue is caused by an incorrect regular expression in lib/rack/multipart.rb, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
Recommendations

For Rack version 1.1.3 and earlier, update to version 1.1.4 or later.
For Rack version 1.2.x through 1.2.5, update to version 1.2.6 or later.
For Rack version 1.3.x through 1.3.6, update to version 1.3.7 or later.
For Rack version 1.4.x through 1.4.1, update to version 1.4.2 or later.
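As an added illustration of the hardening direction, not Rack's own parser and not the fix shipped in the versions above: a single-pass Content-Disposition parameter parser whose running time is linear in the header length, so no crafted input can keep it looping. The constant and function names are assumed for this example.

```ruby
# Added example, not Rack's code: a single-pass parser for the parameters of a
# multipart Content-Disposition header such as
#   form-data; name="upload"; filename="a\"b.txt"
# It walks the string once, tracking quote state and backslash escapes, so the
# running time is linear in the header length whatever shape the input takes.
# The constant and the function are assumed names for this illustration.

MAX_DISPOSITION_LENGTH = 8 * 1024   # reject oversized headers before parsing

def parse_content_disposition(header)
  if header.bytesize > MAX_DISPOSITION_LENGTH
    raise ArgumentError, "Content-Disposition header too long"
  end
  parts = []        # segments split on ';' that sit outside quotes
  buf = +""
  in_quote = false
  i = 0
  while i < header.length
    c = header[i]
    if in_quote
      if c == "\\" && i + 1 < header.length
        buf << header[i + 1]          # keep the escaped character literally
        i += 1
      elsif c == '"'
        in_quote = false
      else
        buf << c                      # ';' inside quotes is data, not a separator
      end
    elsif c == '"'
      in_quote = true
    elsif c == ";"
      parts << buf.strip
      buf = +""
    else
      buf << c
    end
    i += 1
  end
  parts << buf.strip
  raise ArgumentError, "unterminated quoted string" if in_quote
  type = parts.shift.downcase
  params = {}
  parts.each do |p|
    key, value = p.split("=", 2)
    next if key.nil? || key.strip.empty?
    params[key.strip.downcase] = (value || "").strip
  end
  [type, params]
end
```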

Exploit

Fix

Weakness Enumeration

Infinite Loop

Related identifiers

CVE-2012-6109
GHSA-H77X-M5Q8-C29H
SUSE-SU-2013_0355-1
SUSE-SU-2013_0355-2

Affected products

Rack
Suse