CVE-2018-16470

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

The MITRE CVE dictionary describes this issue as:

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Find out more about CVE-2018-16470 from the MITRE CVE dictionary and NIST NVD.

Statement

OpenShift Enterprise and Red Hat OpenStack Platform optools both ship rubygem-rack 1.5.2, which is not affected by this flaw.

Red Hat Subscription Asset Manager uses rubygem-rack 1.4.5, and is not affected by this flaw.

Red Hat Update Infrastructure ships rubygem-rack version 1.4.2, which is not affected by this flaw.

Red Hat CloudForms versions 4.5 and 4.6 ship rack version 2.0.3, which is not affected by this flaw; while Red Hat CloudForms version 4.7 ships rack version 2.0.6, which already contains the fix for this flaw.
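The statements above boil down to a version test: rack 2.0.x releases before 2.0.6 carry the flaw, 2.0.6 contains the fix, and the 1.x builds Red Hat ships are not affected. The following Ruby script is an added example, not part of the advisory or of Rack itself; it reads the `rack` spec line from a Gemfile.lock (the sample lockfile text is constructed) and classifies the pinned version against that range.

```ruby
# Added example (not from the advisory): classify the rack version pinned in a
# Gemfile.lock against the CVE-2018-16470 range described on this page.
require 'rubygems'

FIXED        = Gem::Version.new('2.0.6') # first release containing the fix
SERIES_START = Gem::Version.new('2.0.0') # 1.x builds are listed as not affected

# Classifies one rack version string as :not_affected, :affected or :fixed.
def rack_status(version_string)
  v = Gem::Version.new(version_string)
  return :not_affected if v < SERIES_START # e.g. rack 1.4.2, 1.4.5, 1.5.2
  return :affected     if v < FIXED        # e.g. rack 2.0.3
  :fixed                                   # rack 2.0.6 and later
end

# Finds the top-level "    rack (x.y.z)" spec line in Gemfile.lock text
# (4-space indent; dependency lines use 6 spaces and are skipped).
# Returns [version, status], or nil when rack is not in the lockfile.
def scan_lockfile(text)
  m = text.match(/^ {4}rack \(([^)]+)\)/)
  return nil unless m
  [m[1], rack_status(m[1])]
end

# Constructed sample lockfile fragment used for demonstration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.5)
      rack-test (1.1.0)
        rack (>= 1.0, < 3)
LOCK

if __FILE__ == $0
  version, status = scan_lockfile(SAMPLE_LOCK)
  puts "rack #{version}: #{status}"
end
```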

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

| Metric | Value |
|---|---|
| CVSS3 Base Score | 5.3 |
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Low |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | ruby193-rubygem-rack | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-ror50-rubygem-rack | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-ror42-rubygem-rack | Not affected |
| Red Hat Satellite 6 | rubygem-rack | Not affected |
| Red Hat Satellite 6 | tfm-ror51-rubygem-rack | Affected |
| Red Hat OpenStack Platform Operational Tools 9 | rubygem-rack | Not affected |
| Red Hat OpenStack Platform Operational Tools 14 | rubygem-rack | Not affected |
| Red Hat OpenStack Platform 13.0 Operational Tools for RHEL 7 | rubygem-rack | Not affected |
| Red Hat OpenStack Platform 12.0 Operational Tools for RHEL 7 | rubygem-rack | Not affected |
| Red Hat OpenStack Platform 10.0 Operational Tools for RHEL 7 | rubygem-rack | Not affected |
| Red Hat OpenShift Enterprise 3.2 | rubygem-rack | Not affected |
| Red Hat OpenShift Enterprise 3.1 | rubygem-rack | Not affected |
| Red Hat OpenShift Container Platform 3.4 | rubygem-rack | Not affected |
| Red Hat OpenShift Container Platform 3.3 | rubygem-rack | Not affected |
| Red Hat Gluster Storage 3 | rubygem-rack | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 8.0 Operational Tools for RHEL 7 | rubygem-rack | Not affected |

External References