CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16470

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://access.redhat.com/errata/RHSA-2019:3172
https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
https://access.redhat.com/errata/RHSA-2019:3172
https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ

Products affected by CVE-2018-16470

Rack Project » Rack » Version: 2.0.4

cpe:2.3:a:rack_project:rack:2.0.4
Rack Project » Rack » Version: 2.0.5

cpe:2.3:a:rack_project:rack:2.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16470

Products

Pricing

Contact Us