CVE-2012-6109 Information

Description

lib/rack/multipart.rb in Rack before 1.1.4 1.2.x before 1.2.6 1.3.x before 1.3.7 and 1.4.x before 1.4.2 uses an incorrect regular expression which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.

Reference

http://rack.github.com/ http://rhn.redhat.com/errata/RHSA-2013-0544.html http://rhn.redhat.com/errata/RHSA-2013-0548.html https://bugzilla.redhat.com/show_bug.cgi?id=895277 https://github.com/rack/rack/blob/master/README.rdoc https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5 https://groups.google.com/forum/!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ