Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-0183
Last Modified: 30 Oct 2013 11:30:51
Published: 01 Mar 2013 12:40:17
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-0183

Summary

multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.

Vulnerable Systems

Application

  • Rack Project Rack 1.3.0

  • Rack Project Rack 1.3.1

  • Rack Project Rack 1.3.2

  • Rack Project Rack 1.3.3

  • Rack Project Rack 1.3.4

  • Rack Project Rack 1.3.5

  • Rack Project Rack 1.3.6

  • Rack Project Rack 1.3.7

  • Rack Project Rack 1.4.0

  • Rack Project Rack 1.4.1

  • Rack Project Rack 1.4.2


References

CONFIRM - https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs

CONFIRM - https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI

CONFIRM - https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18

CONFIRM - https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=895282

REDHAT - RHSA-2013:0548

REDHAT - RHSA-2013:0544

CONFIRM - http://rack.github.com/

SUSE - openSUSE-SU-2013:0462

DEBIAN - DSA-2783


Last Updated: 27 May 2016 10:58:34