Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
BID:58768
Info
Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
| Bugtraq ID: | 58768 |
| Class: | Unknown |
| CVE: |
CVE-2013-0183 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 16 2013 12:00AM |
| Updated: | Apr 13 2015 09:51PM |
| Credit: | Paul Rogers and Vendor |
| Vulnerable: |
SuSE Cloud 1.0 Redhat Subscription Asset Manager 0 Redhat CloudForms 0 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Christian Neukirchen Rack 1.4.2 Christian Neukirchen Rack 1.3.7 Christian Neukirchen Rack 1.4.0 Christian Neukirchen Rack 1.3.6 Christian Neukirchen Rack 1.3.5 |
| Not Vulnerable: |
Christian Neukirchen Rack 1.4.3 Christian Neukirchen Rack 1.3.8 |
Discussion
Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
Rack is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
Note: This issue was previously discussed in BID 57430 (Rack Multiple Denial of Service Vulnerabilities), but has been moved to its own record to better document it.
Versions prior to Rack 1.3.8 and 1.4.3 are vulnerable.
Rack is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions.
Note: This issue was previously discussed in BID 57430 (Rack Multiple Denial of Service Vulnerabilities), but has been moved to its own record to better document it.
Versions prior to Rack 1.3.8 and 1.4.3 are vulnerable.
Exploit / POC
Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
Attackers can use readily available tools to exploit this issue.
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Rack 'multipart/parser.rb' CVE-2013-0183 Denial of Service Vulnerability
References:
References:
- SUSE-SU-2013:0508-1: important: Security update for rubygem-merb-core (SUSE)
- [SEC][ANN] Rack 1.4.4, a modular Ruby webserver interface (Christian Neukirchen)
- Bug 895282 - (CVE-2013-0183) CVE-2013-0183 rubygem-rack: receiving excessively l (Red Hat Bugzilla)
- bug report and unit test for infinite loop parsing Content-Disposion header (Paul Rogers)
- Important: Subscription Asset Manager 1.2 update (Red Hat)
- Moderate: CloudForms Common 1.1.2 update (Red Hat)
- Rack Home Page (Christian Neukirchen)
- [SEC][ANN] Rack 1.3.8, a modular Ruby webserver interface (Christian Neukirchen)