---
gem: rack
cve: 2012-6109
osvdb: 89317
url: https://nvd.nist.gov/vuln/detail/CVE-2012-6109
title: |
  Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS
date: 2012-05-04

description: |
  Rack contains a flaw in the Regular Expressions Engine that may allow a remote
  denial of service. The issue is triggered when parsing context-disposition
  headers. With a specially crafted header, a remote attacker can cause an
  infinite loop, which will result in a loss of availability for the webserver.

cvss_v2: 4.3
patched_versions:
  - "~> 1.1.4"
  - "~> 1.2.6"
  - "~> 1.3.7"
  - ">= 1.4.2"