Lucene search

RedhatCVE-2012-6109

HistoryMar 01, 2013 - 5:40 a.m.

CVE-2012-6109

2013-03-0105:40:16

redhat

web.nvd.nist.gov

rack

multipart

denial of service

cve-2012-6109

nvd

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.3

Confidence

Low

EPSS

0.01

Percentile

84.2%

JSON

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

Affected configurations

Nvd

Node

rack_projectrackRange≤1.1.3

rack_projectrackMatch0.1

rack_projectrackMatch0.2

rack_projectrackMatch0.3

rack_projectrackMatch0.4

rack_projectrackMatch0.9

rack_projectrackMatch0.9.1

rack_projectrackMatch1.0.0

rack_projectrackMatch1.0.1

rack_projectrackMatch1.1.0

rack_projectrackMatch1.1.2

Node

rack_projectrackMatch1.2.0

rack_projectrackMatch1.2.1

rack_projectrackMatch1.2.2

rack_projectrackMatch1.2.3

rack_projectrackMatch1.2.4

Node

rack_projectrackMatch1.3.0

rack_projectrackMatch1.3.1

rack_projectrackMatch1.3.2

rack_projectrackMatch1.3.3

rack_projectrackMatch1.3.4

rack_projectrackMatch1.3.5

rack_projectrackMatch1.3.6

Node

rack_projectrackMatch1.4.0

rack_projectrackMatch1.4.1

VendorProductVersionCPE
rack_projectrack*cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*
rack_projectrack0.1cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:*
rack_projectrack0.2cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:*
rack_projectrack0.3cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:*
rack_projectrack0.4cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:*
rack_projectrack0.9cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:*
rack_projectrack0.9.1cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:*
rack_projectrack1.0.0cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:*
rack_projectrack1.0.1cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:*
rack_projectrack1.1.0cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rack_project	rack	*	cpe:2.3:a:rack_project:rack::::::::
rack_project	rack	0.1	cpe:2.3:a:rack_project:rack:0.1:::::::*
rack_project	rack	0.2	cpe:2.3:a:rack_project:rack:0.2:::::::*
rack_project	rack	0.3	cpe:2.3:a:rack_project:rack:0.3:::::::*
rack_project	rack	0.4	cpe:2.3:a:rack_project:rack:0.4:::::::*
rack_project	rack	0.9	cpe:2.3:a:rack_project:rack:0.9:::::::*
rack_project	rack	0.9.1	cpe:2.3:a:rack_project:rack:0.9.1:::::::*
rack_project	rack	1.0.0	cpe:2.3:a:rack_project:rack:1.0.0:::::::*
rack_project	rack	1.0.1	cpe:2.3:a:rack_project:rack:1.0.1:::::::*
rack_project	rack	1.1.0	cpe:2.3:a:rack_project:rack:1.1.0:::::::*