VDB

RHSA-2013%3A0548

RHSA-2013%3A0548 PUBLISHED CVSS 4.300000190734863 MEDIUM

lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

Risk Scores

CVSS 2.0
4.300000190734863

Affected Products

VendorProductVersions
Red Hatrubygem-rdoc-0:3.8-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-rdoc-0:3.8-6.el6cf.noarch
Red Hatrubygem-delayed_job-0:2.1.4-3.el6cf.src as a component of CloudForms System Engine for RHEL 6 Server*
Red Hatrubygem-rdoc-0:3.8-6.el6cf.src as a component of CloudForms System Engine for RHEL 6 Serverrubygem-rdoc-0:3.8-6.el6cf.src
Red Hatrubygem-delayed_job-0:2.1.4-3.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server*
Red Hatrubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms System Engine for RHEL 6 Serverrubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64
Red Hatrubygem-rspec-rails-0:2.6.1-7.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Server*
Red Hatrubygem-rdoc-doc-0:3.8-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Server*
Red Hatrubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-nokogiri-doc-0:1.5.0-0.9.beta4.el6cf.noarch
Red Hatrubygem-activesupport-1:3.0.10-10.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-activesupport-1:3.0.10-10.el6cf.src
Red Hatrubygem-rack-1:1.3.0-3.el6cf.src as a component of CloudForms System Engine for RHEL 6 Serverrubygem-rack-1:1.3.0-3.el6cf.src
Red Hatrubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-shoulda-doc-0:2.11.3-5.el6cf.noarch
Red Hatrubygem-delayed_job-0:2.1.4-3.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-delayed_job-0:2.1.4-3.el6cf.noarch
Red Hatrubygem-shoulda-0:2.11.3-5.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-shoulda-0:2.11.3-5.el6cf.src
Red Hatrubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms System Engine for RHEL 6 Serverrubygem-nokogiri-debuginfo-0:1.5.0-0.9.beta4.el6cf.x86_64
Red Hatrubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64 as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-nokogiri-0:1.5.0-0.9.beta4.el6cf.x86_64
Red Hatrubygem-ruby_parser-0:2.0.4-6.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-ruby_parser-0:2.0.4-6.el6cf.src
Red Hatrubygem-rdoc-doc-0:3.8-6.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Server*
Red Hatrubygem-rails_warden-0:0.5.5-2.el6cf.noarch as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-rails_warden-0:0.5.5-2.el6cf.noarch
Red Hatrubygem-delayed_job-0:2.1.4-3.el6cf.src as a component of CloudForms Cloud Engine for RHEL 6 Serverrubygem-delayed_job-0:2.1.4-3.el6cf.src
Red Hatrubygem-rdoc-0:3.8-6.el6cf.noarch as a component of CloudForms System Engine for RHEL 6 Serverrubygem-rdoc-0:3.8-6.el6cf.noarch

…and 28 more

Timeline

  • Feb 21, 2013 CVE Published
  • Mar 27, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory

References

…and 5 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›