
CVE-2012-6109

Vincent (CVE) Danen
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
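The affected ranges above are the practical takeaway of this entry, so here is an added example (not Red Hat's or Rack's own code) that turns them into a check a practitioner can run against a Gemfile.lock: it compares a rack version against the first fixed release of each series named in the description and reports which version to move to. The lockfile text, the function names and the mapping of the 1.0.x line onto 1.1.4 are assumptions made for this example; the version boundaries come from the advisory text itself.

```ruby
require 'rubygems'

# First fixed release of each series named in the CVE text:
# "before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, 1.4.x before 1.4.2".
CVE_2012_6109_FIXED = {
  '1.1' => Gem::Version.new('1.1.4'),
  '1.2' => Gem::Version.new('1.2.6'),
  '1.3' => Gem::Version.new('1.3.7'),
  '1.4' => Gem::Version.new('1.4.2'),
}.freeze

# True when the given rack version string falls inside an affected range.
def rack_affected_by_cve_2012_6109?(version_string)
  v = Gem::Version.new(version_string)
  # "before 1.1.4" covers every release older than 1.1.4, including 1.0.x.
  return true if v < Gem::Version.new('1.1.4')
  series = v.segments.first(2).join('.')
  fixed = CVE_2012_6109_FIXED[series]
  # Series not listed (1.5 and later) were released after the fix.
  return false if fixed.nil?
  v < fixed
end

# Smallest fixed release in the same series, or nil when not affected.
# Assumption for this example: a 1.0.x install is pointed at 1.1.4, the
# earliest fixed version the advisory names.
def cve_2012_6109_fix_target(version_string)
  return nil unless rack_affected_by_cve_2012_6109?(version_string)
  series = Gem::Version.new(version_string).segments.first(2).join('.')
  (CVE_2012_6109_FIXED[series] || CVE_2012_6109_FIXED['1.1']).to_s
end

# Extract the resolved rack version from Gemfile.lock text.  In the "specs:"
# section a resolved gem sits at four spaces of indent ("    rack (1.4.1)");
# dependency lines such as "      rack (~> 1.3)" are indented deeper and are
# skipped.  Returns nil when rack is not pinned in the lockfile.
def rack_version_from_lockfile(lockfile_text)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}rack \(([0-9][^)\s]*)\)\s*\z/)
    return m[1] if m
  end
  nil
end

# Combine the two: report the pinned version, whether it is affected, and
# the release to upgrade to.
def audit_lockfile_for_cve_2012_6109(lockfile_text)
  version = rack_version_from_lockfile(lockfile_text)
  return { version: nil, affected: false, fix: nil } if version.nil?
  { version: version,
    affected: rack_affected_by_cve_2012_6109?(version),
    fix: cve_2012_6109_fix_target(version) }
end

# Constructed sample lockfile for this example (not taken from any real app).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-protection (1.2.0)
        rack
      sinatra (1.3.3)
        rack (~> 1.3, >= 1.3.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    sinatra
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts audit_lockfile_for_cve_2012_6109(text).inspect
end
```

Run it with a path to a Gemfile.lock, or with no argument to audit the embedded sample; a pinned `rack (1.4.1)` is reported as affected with 1.4.2 as the fix target. The check only sees what the lockfile resolved, so a vendored or system-installed rack (the rubygem-rack packages in the errata table below) still needs the package manager's own version check.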

Details Source

Mitre

Public Date

2012-05-04 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS

Bugzilla ID

895277

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat CloudForms Cloud Engine 1 (rubygem-rack) | RHSA-2013:0548 | 2013-02-21
Red Hat CloudForms System Engine 1 (rubygem-rack) | RHSA-2013:0548 | 2013-02-21
Red Hat Subscription Asset Manager 1.2 (rubygem-rack) | RHSA-2013:0544 | 2013-02-21

CWE

CWE-835

Affected Packages State

Platform | Package | State
Red Hat OpenShift Enterprise 1 | rubygem-rack | Will not fix
Red Hat OpenShift Enterprise 1 | rubygem193-rack | Will not fix
Red Hat Enterprise MRG 2 | rubygem-rack | Affected
Red Hat CloudForms Tools 1 | rubygem-rack | Will not fix