exploitDog

CVE-2018-16470

Published: 06 Nov 2018
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Statement

OpenShift Enterprise and Red Hat OpenStack Platform optools both ship rubygem-rack 1.5.2, which is not affected by this flaw. Red Hat Subscription Asset Manager uses rubygem-rack 1.4.5, and is not affected by this flaw. Red Hat Update Infrastructure ships rubygem-rack version 1.4.2, which is not affected by this flaw. Red Hat CloudForms versions 4.5 and 4.6 ship rack version 2.0.3, which is not affected by this flaw; while Red Hat CloudForms version 4.7 ships rack version 2.0.6, which already contains the fix for this flaw.
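The flaw above is a resource-exhaustion (CWE-400) problem inside the multipart parser, so the real remedy is the parser fix in Rack 2.0.6. As an added example (not part of this advisory and not Rack's own code), the middleware below shows the defence-in-depth check a practitioner typically puts in front of a multipart parser: cap the declared size of multipart bodies and refuse requests whose boundary parameter is missing or outside the RFC 2046 grammar, so the parser is never handed an unbounded or undelimitable body. The class name, the default size cap, the 411 policy for length-less multipart bodies, and the sample app and env builder are this example's assumptions.

```ruby
# Added example, not from the advisory and not Rack's own code: a Rack
# middleware that rejects multipart requests that are too large or carry a
# malformed boundary before the body ever reaches Rack::Multipart::Parser.
# It is defence in depth for a CWE-400 style parser flaw, not a fix: the fix
# is the parser change shipped in Rack 2.0.6. Names, the default size cap and
# the 411 policy for length-less multipart bodies are this example's choices.
class MultipartGuard
  # boundary parameter, quoted or bare, anywhere in the Content-Type value
  BOUNDARY_RE = /;\s*boundary=(?:"([^"]+)"|([^;\s]+))/i
  # RFC 2046 section 5.1.1: 1 to 70 characters of bchars, last one not a space
  BCHARS_RE = %r{\A[0-9A-Za-z'()+_,\-./:=? ]{1,70}\z}

  def initialize(app, max_multipart_bytes: 8 * 1024 * 1024)
    @app = app
    @max = max_multipart_bytes
  end

  def call(env)
    ctype = env['CONTENT_TYPE'].to_s
    # Only multipart bodies are handled by Rack::Multipart; leave others alone.
    return @app.call(env) unless ctype.match?(%r{\Amultipart/}i)

    len = env['CONTENT_LENGTH'].to_s
    # Policy: a multipart body must declare its length so it can be bounded
    # before parsing starts (chunked multipart uploads are refused here).
    return reject(411, 'Length Required') if len.empty?
    return reject(400, 'Bad Request: malformed Content-Length') unless len.match?(/\A\d+\z/)
    return reject(413, 'Payload Too Large') if len.to_i > @max

    # Fail early on a missing or out-of-spec boundary instead of handing the
    # parser a body it cannot delimit.
    return reject(400, 'Bad Request: invalid multipart boundary') unless extract_boundary(ctype)

    @app.call(env)
  end

  # Returns the boundary string if the Content-Type carries a syntactically
  # valid one, otherwise nil.
  def extract_boundary(ctype)
    m = BOUNDARY_RE.match(ctype)
    return nil unless m
    boundary = m[1] || m[2]
    return nil unless BCHARS_RE.match?(boundary) && !boundary.end_with?(' ')
    boundary
  end

  private

  def reject(status, message)
    [status,
     { 'Content-Type' => 'text/plain', 'Content-Length' => message.bytesize.to_s },
     [message]]
  end
end

# Constructed sample downstream app and env builder for trying the guard
# without a web server; a real deployment would `use MultipartGuard` in
# config.ru. The 1 KiB cap is deliberately tiny for the demonstration.
OK_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
GUARD = MultipartGuard.new(OK_APP, max_multipart_bytes: 1024)

def sample_env(content_type, content_length)
  { 'REQUEST_METHOD' => 'POST',
    'CONTENT_TYPE' => content_type,
    'CONTENT_LENGTH' => content_length }
end

if $PROGRAM_NAME == __FILE__
  [
    ['multipart/form-data; boundary=----abc123', '512'],
    ['multipart/form-data; boundary=----abc123', '4096'],
    ['multipart/form-data', '512'],
    ['application/json', '999999']
  ].each do |ctype, len|
    puts "#{ctype.ljust(44)} len=#{len.ljust(6)} -> #{GUARD.call(sample_env(ctype, len))[0]}"
  end
end
```

The guard only bounds the work the parser can be asked to do per request; it does not change the parser's complexity, so it belongs alongside the upgrade to Rack 2.0.6 or later, not in place of it. Refusing multipart bodies without a Content-Length is a policy choice that breaks chunked uploads; drop that line if your clients rely on them and bound the body at the web server instead.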

Affected packages

Platform                                                      | Package                | Status
CloudForms Management Engine 5                                | cfme-amazon-smartstate | Not affected
CloudForms Management Engine 5                                | cfme-gemset            | Not affected
CloudForms Management Engine 5                                | dbus-api-service       | Not affected
Red Hat OpenShift Container Platform 3.2                      | rubygem-rack           | Not affected
Red Hat OpenShift Container Platform 3.3                      | rubygem-rack           | Not affected
Red Hat OpenShift Container Platform 3.4                      | rubygem-rack           | Not affected
Red Hat OpenShift Enterprise 3.1                              | rubygem-rack           | Not affected
Red Hat OpenStack Platform 10 (Newton) Operational Tools      | rubygem-rack           | Not affected
Red Hat OpenStack Platform 12 (Pike) Operational Tools        | rubygem-rack           | Not affected
Red Hat OpenStack Platform 13 (Queens) Operational Tools      | rubygem-rack           | Not affected


Additional information

Severity: Moderate
Weakness: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1646814 (rubygem-rack: Buffer size in multipart parser allows for denial of service)

EPSS: 0.00177 (percentile 39%, Low)
CVSS3: 5.3 (Medium)

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 7 years ago

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

CVSS3: 7.5
nvd
about 7 years ago

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

CVSS3: 7.5
debian
about 7 years ago

There is a possible DoS vulnerability in the multipart parser in Rack ...

CVSS3: 7.5
github
about 7 years ago

Rack vulnerable to Denial of Service

CVSS3: 7.5
fstec
more than 7 years ago

Vulnerability in the Rack module of the Ruby programming language interpreter, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service
