4.3

CVE-2012-6109

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rack ProjectRack Version <= 1.1.3
Rack ProjectRack Version0.1
Rack ProjectRack Version0.2
Rack ProjectRack Version0.3
Rack ProjectRack Version0.4
Rack ProjectRack Version0.9
Rack ProjectRack Version0.9.1
Rack ProjectRack Version1.0.0
Rack ProjectRack Version1.0.1
Rack ProjectRack Version1.1.0
Rack ProjectRack Version1.1.2
Rack ProjectRack Version1.2.0
Rack ProjectRack Version1.2.1
Rack ProjectRack Version1.2.2
Rack ProjectRack Version1.2.3
Rack ProjectRack Version1.2.4
Rack ProjectRack Version1.3.0
Rack ProjectRack Version1.3.1
Rack ProjectRack Version1.3.2
Rack ProjectRack Version1.3.3
Rack ProjectRack Version1.3.4
Rack ProjectRack Version1.3.5
Rack ProjectRack Version1.3.6
Rack ProjectRack Version1.4.0
Rack ProjectRack Version1.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.72% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rack.github.com/
http://rhn.redhat.com/errata/RHSA-2013-0548.html
https://bugzilla.redhat.com/show_bug.cgi?id=895277
https://github.com/rack/rack/blob/master/README.rdoc
https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5
https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ