RubySec

Providing security resources for the Ruby community

CVE-2013-0184 (rack): Rack Rack::Auth::AbstractRequest Class Unspecified Remote DoS

GEM

rack

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • ~> 1.1.5
  • ~> 1.2.7
  • ~> 1.3.9
  • >= 1.4.4

DESCRIPTION

Rack contains a flaw in the Rack::Auth::AbstractRequest class that may allow a remote denial of service. The issue is triggered when an unspecified error occurs, and it results in a loss of availability for the web server.
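To check a project against the patched versions listed above, the following added example (not part of the RubySec advisory or of rack) reads the resolved rack version from Gemfile.lock text and tests it against those four requirements. The helper names and the sample lockfile are constructed for illustration, and any version outside the listed requirements is assumed affected because the advisory lists no unaffected versions.

```ruby
require "rubygems"

# Patched version requirements copied from the advisory's PATCHED VERSIONS list.
PATCHED_REQUIREMENTS = ["~> 1.1.5", "~> 1.2.7", "~> 1.3.9", ">= 1.4.4"]
                       .map { |r| Gem::Requirement.new(r) }.freeze

# True when the version satisfies at least one patched requirement.
# "~> 1.2.7" means >= 1.2.7 and < 1.3, so each release line has its own floor.
def rack_patched?(version)
  v = Gem::Version.new(version)
  PATCHED_REQUIREMENTS.any? { |req| req.satisfied_by?(v) }
end

# Resolved gems sit at exactly four spaces of indent under "specs:" as
# "name (version)". Dependency constraints are indented six spaces and
# contain operators, so they do not match.
def locked_rack_version(lockfile_text)
  lockfile_text[/^ {4}rack \(([^)\s]+)\)$/, 1]
end

# Returns :not_present, :vulnerable or :patched for a Gemfile.lock body.
# Assumption: anything not covered by a patched requirement is affected.
def audit_lockfile(lockfile_text)
  version = locked_rack_version(lockfile_text)
  return :not_present if version.nil?
  rack_patched?(version) ? :patched : :vulnerable
end

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-test (0.6.2)
        rack (>= 1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rack-test
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "rack #{locked_rack_version(SAMPLE_LOCK)}: #{audit_lockfile(SAMPLE_LOCK)}"
end
```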