CVE-2012-6109: Rack vulnerable to REDoS

CVSS Score: 4.3

Basic Information

EPSS Score: 0.73534%
Published: 10/24/2017
Updated: 8/25/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Package Name  Ecosystem  Vulnerable Versions  First Patched Version
rack          rubygems   < 1.1.4              1.1.4
rack          rubygems   >= 1.2.0, < 1.2.6    1.2.6
rack          rubygems   >= 1.3.0, < 1.3.7    1.3.7
rack          rubygems   >= 1.4.0, < 1.4.2    1.4.2

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from an insecure regular expression in the Content-Disposition header parsing logic of multipart.rb. GitHub commit c9f65df changed the DISPPARM regex from `/;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})*/` to `/;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/`, removing the trailing `*` quantifier. That quantifier repeated a group that itself contains `*`-quantified alternatives, so a malformed filename parameter in the header could force the regex engine into excessive backtracking. The parse_multipart function in multipart.rb uses this regex, making it the vulnerable entry point.
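As an added example (not Rack's own code), the patched DISPPARM regex applied to a constructed Content-Disposition value, together with a check of an installed rack gem version against the affected ranges in the table above. The TOKEN definition and the names parse_disposition and vulnerable_version? are assumptions of this example, not identifiers from the advisory.

```ruby
require "rubygems"

# TOKEN is assumed here to be Rack 1.x's token character class.
TOKEN    = /[^\s()<>,;:\\"\/\[\]?=]+/
# Patched DISPPARM from commit c9f65df: group 2 matches exactly one value,
# with no trailing quantifier repeating the group.
DISPPARM = /;\s*(#{TOKEN})=("(?:\\"|[^"])*"|#{TOKEN})/

# Parses the parameters of a multipart Content-Disposition value into a hash,
# e.g. { "name" => "upload", "filename" => "a.txt" }.
def parse_disposition(header)
  header.scan(DISPPARM).each_with_object({}) do |(key, value), params|
    # Strip surrounding quotes and unescape \" inside quoted values.
    value = value[1..-2].gsub('\\"', '"') if value.start_with?('"')
    params[key] = value
  end
end

# Affected ranges from the advisory table: [lower bound (inclusive), first patched].
AFFECTED = [
  [nil,     "1.1.4"],
  ["1.2.0", "1.2.6"],
  ["1.3.0", "1.3.7"],
  ["1.4.0", "1.4.2"],
].freeze

# True when the given rack version falls inside one of the vulnerable ranges.
def vulnerable_version?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? do |lower, patched|
    (lower.nil? || v >= Gem::Version.new(lower)) && v < Gem::Version.new(patched)
  end
end

# Constructed sample header value, as a browser sends for a file upload field.
SAMPLE = 'form-data; name="upload"; filename="report \"final\".txt"'

if __FILE__ == $0
  p parse_disposition(SAMPLE)   # {"name"=>"upload", "filename"=>"report \"final\".txt"}
  p vulnerable_version?("1.4.1") # true
end
```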

WAF Protection Rules

WAF Rule

`lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Dispos