Vulnerability-Lookup

CVE-2018-16470 (GCVE-0-2018-16470)

Vulnerability from cvelistv5 – Published: 2018-11-13 23:00 – Updated: 2024-08-05 10:24

Summary

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Severity ?

No CVSS data available.

CWE

CWE-400 - Denial of Service (CWE-400)

Assigner

hackerone

References

URL

	Vendor	Product	Version
	Rack	Rack	Affected: 2.0.6

CNVD-2018-23633

Vulnerability from cnvd - Published: 2018-11-22

Title

Rack multipart parser拒绝服务漏洞

Description

Rack是软件开发者Christian Neukirchen所研发的一个Ruby Web服务器接口，它为Web服务器、Web框架和中间件的API进行了统一，并支持使用单一的方法调用。multipart parser是其中的一个用于处理multipart/form-data请求的解析器。 Rack 2.0.6之前版本中的multipart parser存在拒绝服务漏洞，攻击者可通过发送特制的请求利用该漏洞消耗大量CPU资源。

Severity

中

Patch Name

Rack multipart parser拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://rack.github.io/

Reference

https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

Impacted products

Name
Christian Neukirchen Rack <2.0.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16470"
    }
  },
  "description": "Rack\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Christian Neukirchen\u6240\u7814\u53d1\u7684\u4e00\u4e2aRuby Web\u670d\u52a1\u5668\u63a5\u53e3\uff0c\u5b83\u4e3aWeb\u670d\u52a1\u5668\u3001Web\u6846\u67b6\u548c\u4e2d\u95f4\u4ef6\u7684API\u8fdb\u884c\u4e86\u7edf\u4e00\uff0c\u5e76\u652f\u6301\u4f7f\u7528\u5355\u4e00\u7684\u65b9\u6cd5\u8c03\u7528\u3002multipart parser\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u5904\u7406multipart/form-data\u8bf7\u6c42\u7684\u89e3\u6790\u5668\u3002\n\nRack 2.0.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684multipart parser\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6d88\u8017\u5927\u91cfCPU\u8d44\u6e90\u3002",
  "discovererName": "Unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://rack.github.io/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-23633",
  "openTime": "2018-11-22",
  "patchDescription": "Rack\u662f\u8f6f\u4ef6\u5f00\u53d1\u8005Christian Neukirchen\u6240\u7814\u53d1\u7684\u4e00\u4e2aRuby Web\u670d\u52a1\u5668\u63a5\u53e3\uff0c\u5b83\u4e3aWeb\u670d\u52a1\u5668\u3001Web\u6846\u67b6\u548c\u4e2d\u95f4\u4ef6\u7684API\u8fdb\u884c\u4e86\u7edf\u4e00\uff0c\u5e76\u652f\u6301\u4f7f\u7528\u5355\u4e00\u7684\u65b9\u6cd5\u8c03\u7528\u3002multipart parser\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7528\u4e8e\u5904\u7406multipart/form-data\u8bf7\u6c42\u7684\u89e3\u6790\u5668\u3002\r\n\r\nRack 2.0.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684multipart parser\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6d88\u8017\u5927\u91cfCPU\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rack multipart parser\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Christian Neukirchen Rack \u003c2.0.6"
  },
  "referenceLink": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-15",
  "title": "Rack multipart parser\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-16470

Vulnerability from fstec - Published: 06.11.2018

Title

Уязвимость модуля Rack интерпретатора языка программирования Ruby, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость модуля Rack интерпретатора языка программирования Ruby связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании в результате специально сформированных запросов

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Novell Inc., Red Hat Inc., Leah Neukirchen

Software Name

OpenSUSE Leap, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Module for Public Cloud, Red Hat Satellite, Rack

Software Version

15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 6.0 (Red Hat Satellite), до 2.0.6 (Rack), 6.6 for RHEL 7 (Red Hat Satellite)

Possible Mitigations

Использование рекомендаций: Для Rack: https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2018-16470/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2018-16470

Reference

https://access.redhat.com/security/cve/CVE-2018-16470 https://nvd.nist.gov/vuln/detail/CVE-2018-16470 https://www.suse.com/security/cve/CVE-2018-16470/

CWE

CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Red Hat Inc., Leah Neukirchen",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Server Applications), 15 (SUSE Linux Enterprise Module for Server Applications), 15 SP1 (SUSE Linux Enterprise Module for Public Cloud), 6.0 (Red Hat Satellite), \u0434\u043e 2.0.6 (Rack), 6.6 for RHEL 7 (Red Hat Satellite)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Rack:\nhttps://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2018-16470/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2018-16470",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.11.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.11.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04925",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-16470",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Module for Public Cloud, Red Hat Satellite, Rack",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f Rack \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f Rack \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f Ruby \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2018-16470\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16470\nhttps://www.suse.com/security/cve/CVE-2018-16470/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

GSD-2018-16470

Vulnerability from gsd - Updated: 2018-11-05 00:00

Details

There is a possible DoS vulnerability in the multipart parser in Rack. This vulnerability has been assigned the CVE identifier CVE-2018-16470. Versions Affected: 2.0.4, 2.0.5 Not affected: <= 2.0.3 Fixed Versions: 2.0.6 Impact ------ There is a possible DoS vulnerability in the multipart parser in Rack. Carefully crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. Impacted code can look something like this: ``` Rack::Request.new(env).params ``` But any code that uses the multi-part parser may be vulnerable. Rack users that have manually adjusted the buffer size in the multipart parser may be vulnerable as well. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases -------- The 2.0.6 release is available at the normal locations. Workarounds ----------- To work around this issue, the following code can be used: ``` require "rack/multipart/parser" Rack::Multipart::Parser.send :remove_const, :BUFSIZE Rack::Multipart::Parser.const_set :BUFSIZE, 16384 ```

Aliases

CVE-2018-16470

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16470",
    "description": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
    "id": "GSD-2018-16470",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-16470.html",
      "https://access.redhat.com/errata/RHSA-2019:3172"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rack",
            "purl": "pkg:gem/rack"
          }
        }
      ],
      "aliases": [
        "CVE-2018-16470",
        "GHSA-hg78-4f6x-99wq"
      ],
      "details": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected:  2.0.4, 2.0.5\nNot affected:       \u003c= 2.0.3\nFixed Versions:     2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
      "id": "GSD-2018-16470",
      "modified": "2018-11-05T00:00:00.000Z",
      "published": "2018-11-05T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
        }
      ],
      "schema_version": "1.4.0",
      "summary": "Possible DoS vulnerability in Rack"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "support@hackerone.com",
        "ID": "CVE-2018-16470",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Rack",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2.0.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Rack"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service (CWE-400)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
            "refsource": "MISC",
            "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
          },
          {
            "name": "RHSA-2019:3172",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:3172"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2018-16470",
      "date": "2018-11-05",
      "description": "There is a possible DoS vulnerability in the multipart parser in Rack. This\nvulnerability has been assigned the CVE identifier CVE-2018-16470.\n\nVersions Affected:  2.0.4, 2.0.5\nNot affected:       \u003c= 2.0.3\nFixed Versions:     2.0.6\n\nImpact\n------\nThere is a possible DoS vulnerability in the multipart parser in Rack.\nCarefully crafted requests can cause the multipart parser to enter a\npathological state, causing the parser to use CPU resources disproportionate to\nthe request size.\n\nImpacted code can look something like this:\n\n```\nRack::Request.new(env).params\n```\n\nBut any code that uses the multi-part parser may be vulnerable.\n\nRack users that have manually adjusted the buffer size in the multipart parser\nmay be vulnerable as well.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe 2.0.6 release is available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this issue, the following code can be used:\n\n```\nrequire \"rack/multipart/parser\"\n\nRack::Multipart::Parser.send :remove_const, :BUFSIZE\nRack::Multipart::Parser.const_set :BUFSIZE, 16384\n```\n",
      "gem": "rack",
      "ghsa": "hg78-4f6x-99wq",
      "patched_versions": [
        "\u003e= 2.0.6"
      ],
      "title": "Possible DoS vulnerability in Rack",
      "unaffected_versions": [
        "\u003c= 2.0.3"
      ],
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2.0.4 \u003c=2.0.5",
          "affected_versions": "All versions starting from 2.0.4 up to 2.0.5",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2019-10-09",
          "description": "There is a possible DoS vulnerability in the multipart parser in Rack. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
          "fixed_versions": [
            "2.0.6"
          ],
          "identifier": "CVE-2018-16470",
          "identifiers": [
            "CVE-2018-16470"
          ],
          "not_impacted": "All versions before 2.0.4, all versions after 2.0.5",
          "package_slug": "gem/rack",
          "pubdate": "2018-11-13",
          "solution": "Upgrade to version 2.0.6 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-16470"
          ],
          "uuid": "fafa07ab-4b63-433a-a2aa-573f542f8f4d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:2.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-assignments@hackerone.com",
          "ID": "CVE-2018-16470"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
            },
            {
              "name": "RHSA-2019:3172",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2019:3172"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:36Z",
      "publishedDate": "2018-11-13T23:29Z"
    }
  }
}

GHSA-HG78-4F6X-99WQ

Vulnerability from github – Published: 2018-11-15 15:58 – Updated: 2023-08-28 12:46

Summary

Rack vulnerable to Denial of Service

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.4"
            },
            {
              "fixed": "2.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-16470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:40:04Z",
    "nvd_published_at": "2018-11-13T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.",
  "id": "GHSA-hg78-4f6x-99wq",
  "modified": "2023-08-28T12:46:14Z",
  "published": "2018-11-15T15:58:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16470"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3172"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rack vulnerable to Denial of Service"
}

CERTFR-2018-AVI-532

Vulnerability from certfr_avis - Published: 2018-11-06 - Updated: 2018-11-06

De multiples vulnérabilités ont été découvertes dans Ruby On Rails. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Ruby on Rails	Ruby on Rails	Ruby On Rails toutes versions inférieures à 2.0.6 et 1.6.11

References

Title

Publication Time

FKIE_CVE-2018-16470

Vulnerability from fkie_nvd - Published: 2018-11-13 23:29 - Updated: 2024-11-21 03:52

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	support@hackerone.com	https://access.redhat.com/errata/RHSA-2019:3172
	support@hackerone.com	https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
	af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:3172
	af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

Impacted products

	Vendor	Product	Version
	rack_project	rack	2.0.4
	rack_project	rack	2.0.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rack_project:rack:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D44D7B2-AB7B-4707-8B72-E6E5F5DF9E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rack_project:rack:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B4E304-9FDE-46CB-A52D-7E4870DCFE01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size."
    },
    {
      "lang": "es",
      "value": "Hay una posible vulnerabilidad de denegaci\u00f3n de servicio (DoS) en el analizador multiparte en Rack en versiones anteriores a la 2.0.6. Las peticiones especialmente manipuladas pueden provocar que el analizador multiparte entre en estado patol\u00f3gico, haciendo que emplee una cantidad de recursos de CPU desproporcionada al tama\u00f1o de la petici\u00f3n."
    }
  ],
  "id": "CVE-2018-16470",
  "lastModified": "2024-11-21T03:52:49.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-13T23:29:00.263",
  "references": [
    {
      "source": "support@hackerone.com",
      "url": "https://access.redhat.com/errata/RHSA-2019:3172"
    },
    {
      "source": "support@hackerone.com",
      "url": "https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2019:3172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16470 (GCVE-0-2018-16470)

CNVD-2018-23633

CVE-2018-16470

GSD-2018-16470

GHSA-HG78-4F6X-99WQ

CERTFR-2018-AVI-532

Solution

FKIE_CVE-2018-16470

Tags

Sightings

Nomenclature