2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2013-0183" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2013-03-01T05:40:17.037" ,
2024-11-22 19:15:24 +00:00
"lastModified" : "2024-11-21T01:47:00.983" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet."
} ,
{
"lang" : "es" ,
"value" : "multipart/parser.rb de Rack v1.3.x antes de v1.3.8 y v1.4.x antes de v1.4.3 permite a atacantes remotos causar una denegaci\u00f3n de servicios (consumo de memoria y accesos fuera de rango) usando un long string en un paquete Multipart HTTP."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P" ,
2024-11-22 19:15:24 +00:00
"baseScore" : 5.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
2024-11-22 19:15:24 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-119"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "98CBCA07-8EEC-49D0-8C17-7887ABB63ED6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "93B65658-8E1B-4832-822A-1C3770B33BB9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E9E3412-6D9C-46FC-806E-0E0D310D4DDE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "10A95FAF-3314-4F3F-8619-DAED41648AE3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "00901558-9028-4BDF-AFE6-502DF2632069"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5A8CBC63-DBA8-4A4E-87D7-5B891CDF7091"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8F6A8485-8F4B-42E8-81ED-84CE5CE8E27D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FBEE2AAF-1575-44F7-9B1B-87504E0425E0"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A3DD73E-6BD4-4C18-A4B8-AFA6860A4585"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "95E3FF6F-58C3-4491-BBD1-C4C13287A07D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C04A5634-62C7-4B01-B644-06A6A1D5A828"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://rack.github.com/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0548.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.debian.org/security/2013/dsa-2783" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=895282" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" ,
"source" : "secalert@redhat.com"
2024-11-22 19:15:24 +00:00
} ,
{
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://rack.github.com/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0548.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.debian.org/security/2013/dsa-2783" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=895282" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
