QwikSec

Security Database

CVE

CWE

Training

CVE-2018-16470

Published: Nov 13, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Vendor	Product	Versions
Rack	Rack	affected `2.0.6`

Weaknesses (CWE)

References

https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.