CVE-2013-0184
Published 2013-03-01
CVE-2013-0184: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows…
Priority P4 · 23 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.42% (82.1th percentile)
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rack | < ruby-rack 1.4.1-2.1 (bookworm) | ruby-rack 1.4.1-2.1 (bookworm) |
| rack | rack | >= 1.1.0 < 1.1.5 | 1.1.5 |
| rack | rack | >= 1.2.0 < 1.2.7 | 1.2.7 |
| rack | rack | >= 1.3.0 < 1.3.9 | 1.3.9 |
| rack | rack | >= 1.4.0 < 1.4.4 | 1.4.4 |
| rack_project | rack | — | — |
CVSS provenance
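| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |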
GHSA
Rack vulnerable to Denial of Service
ghsa·2022-05-05
CVE-2013-0184 [MEDIUM] Rack vulnerable to Denial of Service
Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
OSV
Rack vulnerable to Denial of Service
osv·2022-05-05
CVE-2013-0184 [MEDIUM] Rack vulnerable to Denial of Service
Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
OSV
CVE-2013-0184: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1
osv·2013-03-01·CVSS 4.3
CVE-2013-0184 [MEDIUM] CVE-2013-0184: Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
Debian
CVE-2013-0184: ruby-rack - Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1....
vendor_debian·2013·CVSS 4.3
CVE-2013-0184 [MEDIUM] CVE-2013-0184: ruby-rack - Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1....
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
Scope: local
bookworm: resolved (fixed in 1.4.1-2.1)
bullseye: resolved (fixed in 1.4.1-2.1)
forky: resolved (fixed in 1.4.1-2.1)
sid: resolved (fixed in 1.4.1-2.1)
trixie: resolved (fixed in 1.4.1-2.1)
Red Hat
rubygem-rack: Rack::Auth::AbstractRequest DoS
vendor_redhat·2012-05-04·CVSS 4.3
CVE-2013-0184 [MEDIUM] CWE-400 rubygem-rack: Rack::Auth::AbstractRequest DoS
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."
Package: rubygem193-rack (OpenShift Enterprise 1) - Will not fix
Package: rubygem-rack (OpenShift Enterprise 1) - Will not fix
Package: rubygem-rack (Red Hat Enterprise MRG 2) - Affected
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
bugzilla·2013-01-15·CVSS 4.3
CVE-2013-0184 [MEDIUM] CVE-2013-0184 rubygem-rack: Rack::Auth::AbstractRequest DoS
A flaw that was fixed in 1.4.4, 1.3.9, 1.2.7, and 1.1.5 was also announced [4]
that creates a minor denial of service condition, this time in the
Rack::Auth::AbstractRequest, where it symbolized arbitrary strings (apparently
this has something to do with authentication, but there is no further
information provided other than the fix [5] itself, which is noted as "a
breaking API change").
[4] https://groups.google.com/forum/#!topic/rack-devel/ImYOqcGiksw/discussion
[5] https://github.com/rack/rack/commit/0c76175fcccad74ba2f991c487d3669c28a297c8
Discussion:
Created rubygem-rack tracking bugs for this issue
Affects: fedora-all [bug 895285]
---
Created rubygem-rack tracking bugs for this issue
Affects: epel-all [bug 771152]
Bugzilla
CVE-2013-0184 rubygem-rack various flaws [fedora-all]
bugzilla·2013-01-15·CVSS 4.3
CVE-2013-0184 [MEDIUM] CVE-2013-0184 rubygem-rack various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported
Bugzilla
CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]
bugzilla·2012-01-02·CVSS 5.0
CVE-2011-5036 [MEDIUM] CVE-2011-5036 CVE-2013-0184 rubygem-rack various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=7711
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rhn.redhat.com/errata/RHSA-2013-0548.html
http://www.debian.org/security/2013/dsa-2783
https://bugzilla.redhat.com/show_bug.cgi?id=895384