CVE-2013-0184 — Uncontrolled Resource Consumption in Rack

CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rack Rack Project Rack

Timeline

PublishedMar 1

Latest updateMay 5

Description

Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶RubyGemsrack/rack1.1.0 — 1.1.5+3

▶NVDrack_project/rack23 versions+22

🔴Vulnerability Details

GHSA

Rack vulnerable to Denial of Service↗2022-05-05

▶

OSV

Rack vulnerable to Denial of Service↗2022-05-05

▶

OSV

CVE-2013-0184: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1↗2013-03-01

▶

CVEList

CVE-2013-0184: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1↗2013-03-01

▶

📋Vendor Advisories

Debian

CVE-2013-0184: ruby-rack - Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1....↗2013

▶

Red Hat

rubygem-rack: Rack::Auth:: AbstractRequest DoS↗2012-05-04

▶

💬Community

Bugzilla

CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS↗2013-01-15

▶

Bugzilla

CVE-2013-0184 rubygem-rack various flaws [fedora-all]↗2013-01-15

▶

Bugzilla

CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]↗2012-01-02

▶