Lucene search
FreeBSD95176BA5-9796-11ED-BFBF-080027F5FEC9HistoryJan 17, 2023 - 12:00 a.m.
rack -- Multiple vulnerabilities
2023-01-1700:00:00
vuxml.freebsd.org
19
rack
multiple vulnerabilities
range header
denial of service
content-disposition
rfc2183
multipart parsing
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%
Aaron Patterson reports:
CVE-2022-44570
Carefully crafted input can cause the Range header
parsing component in Rack to take an unexpected amount
of time, possibly resulting in a denial of service
attack vector. Any applications that deal with Range
requests (such as streaming applications, or
applications that serve files) may be impacted.
CVE-2022-44571
Carefully crafted input can cause Content-Disposition
header parsing in Rack to take an unexpected amount of
time, possibly resulting in a denial of service attack
vector. This header is used typically used in multipart
parsing. Any applications that parse multipart posts
using Rack (virtually all Rails applications) are
impacted.
CVE-2022-44572
Carefully crafted input can cause RFC2183 multipart
boundary parsing in Rack to take an unexpected amount of
time, possibly resulting in a denial of service attack
vector. Any applications that parse multipart posts
using Rack (virtually all Rails applications) are
impacted.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | rubygem-rack | <Β 3.0.4.1,3 | UNKNOWN |
| FreeBSD | any | noarch | rubygem-rack22 | <Β 2.2.6.2,3 | UNKNOWN |
| FreeBSD | any | noarch | rubygem-rack16 | <Β 1.6.14 | UNKNOWN |
Related
osv
osv
ruby-rack vulnerabilities
2023-03-02 17:43:56
ruby-rack - security update
2023-01-31 00:00:00
ruby-rack - security update
2023-10-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5910-1)
2023-03-03 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0276-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0106)
2023-03-28 00:00:00
nessus
nessus
ubuntu
ubuntu
Rack vulnerabilities
2023-03-02 00:00:00
redos
redos
ROS-20240403-12
2024-04-03 00:00:00
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2023-03-24 08:55:49
debian
debian
[SECURITY] [DLA 3298-1] ruby-rack security update
2023-01-30 21:54:32
[SECURITY] [DSA 5530-1] ruby-rack security update
2023-10-22 12:35:21
hackerone
hackerone
prion
prion
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
debiancve
debiancve
nvd
nvd
cvelist
cvelist
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-01-19 02:08:09
Regular Expression Denial Of Service (ReDoS)
2023-01-25 03:22:15
Regular Expression Denial Of Service(ReDoS)
2023-01-25 02:40:54
redhatcve
redhatcve
ubuntucve
ubuntucve
github
github
Denial of service via multipart parsing in Rack
2023-01-18 18:19:21
Denial of service via header parsing in Rack
2023-01-18 18:19:33
Denial of Service Vulnerability in Rack Content-Disposition parsing
2023-01-18 18:24:40
cve
cve
rubygems
rubygems
Denial of service via header parsing in Rack
2023-01-17 21:00:00
Denial of service via multipart parsing in Rack
2023-01-17 21:00:00
Denial of Service Vulnerability in Rack Content-Disposition parsing
2023-01-17 21:00:00
redhat
redhat
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
2023-11-08 14:10:25
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
41.6%
Related for 95176BA5-9796-11ED-BFBF-080027F5FEC9