Rack 'lib/rack/multipart.rb' CVE-2012-6109 Denial of Service Vulnerability

Bugtraq ID:	58767
Class:	Unknown
CVE:	CVE-2012-6109
Remote:	Yes
Local:	No
Published:	Jan 16 2013 12:00AM
Updated:	Apr 16 2015 05:43PM
Credit:	Paul Rogers and Vendor
Vulnerable:	Gentoo Linux Christian Neukirchen Rack 1.2 Christian Neukirchen Rack 1.1 Christian Neukirchen Rack 1.4.0 Christian Neukirchen Rack 1.3.6 Christian Neukirchen Rack 1.3.5 Christian Neukirchen Rack 1.2.5 Christian Neukirchen Rack 1.2.4 Christian Neukirchen Rack 1.1.3 Christian Neukirchen Rack 1.1.2
Not Vulnerable:

Rack 'lib/rack/multipart.rb' CVE-2012-6109 Denial of Service Vulnerability

Rack is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to cause denial-of-service conditions.

Note: This issue was previously discussed in BID 57430 (Rack Multiple Denial of Service Vulnerabilities), but has been moved to its own record to better document it.

Versions prior to Rack 1.1.4, 1.2.6, 1.3.7, and 1.4.2 are vulnerable.

Rack 'lib/rack/multipart.rb' CVE-2012-6109 Denial of Service Vulnerability

Attackers can use readily available tools to exploit this issue.

Rack 'lib/rack/multipart.rb' CVE-2012-6109 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Rack 'lib/rack/multipart.rb' CVE-2012-6109 Denial of Service Vulnerability

References: