Related vulnerabilities
GSD-2012-6109
Vulnerability from gsd - Updated: 2012-05-04 00:00
Details
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
Aliases
{
"GSD": {
"alias": "CVE-2012-6109",
"description": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.",
"id": "GSD-2012-6109",
"references": [
"https://www.suse.com/security/cve/CVE-2012-6109.html",
"https://access.redhat.com/errata/RHSA-2013:0548",
"https://access.redhat.com/errata/RHSA-2013:0544"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack",
"purl": "pkg:gem/rack"
}
}
],
"aliases": [
"CVE-2012-6109",
"OSVDB-89317"
],
"details": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.",
"id": "GSD-2012-6109",
"modified": "2012-05-04T00:00:00.000Z",
"published": "2012-05-04T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 4.3,
"type": "CVSS_V2"
}
],
"summary": "CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0548.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
"name": "http://rack.github.com/",
"refsource": "MISC",
"url": "http://rack.github.com/"
},
{
"name": "https://github.com/rack/rack/blob/master/README.rdoc",
"refsource": "MISC",
"url": "https://github.com/rack/rack/blob/master/README.rdoc"
},
{
"name": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5",
"refsource": "MISC",
"url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=895277",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-6109",
"cvss_v2": 4.3,
"date": "2012-05-04",
"description": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.",
"gem": "rack",
"osvdb": 89317,
"patched_versions": [
"~\u003e 1.1.4",
"~\u003e 1.2.6",
"~\u003e 1.3.7",
"\u003e= 1.4.2"
],
"title": "CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6109"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.4 \u003c=1.4.1",
"affected_versions": "All versions starting from 0.4 up to 1.4.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2018-08-13",
"description": "lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.",
"fixed_versions": [
"1.4.2"
],
"identifier": "CVE-2012-6109",
"identifiers": [
"CVE-2012-6109"
],
"not_impacted": "All versions before 0.4, all versions after 1.4.1",
"package_slug": "gem/rack",
"pubdate": "2013-03-01",
"solution": "Upgrade to version 1.4.2 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-6109",
"http://rhn.redhat.com/errata/RHSA-2013-0548.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=895277",
"http://rack.github.com/",
"https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5",
"http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"https://github.com/rack/rack/blob/master/README.rdoc",
"https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
],
"uuid": "f50c69fc-40da-4256-be93-19cdb6ac8bd4"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6109"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0548",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=895277",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277"
},
{
"name": "http://rack.github.com/",
"refsource": "CONFIRM",
"tags": [],
"url": "http://rack.github.com/"
},
{
"name": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "https://github.com/rack/rack/blob/master/README.rdoc",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rack/rack/blob/master/README.rdoc"
},
{
"name": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ",
"refsource": "MISC",
"tags": [],
"url": "https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:27Z",
"publishedDate": "2013-03-01T05:40Z"
}
}
}