Rack Content-Disposition Parsing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Content-Disposition parsing component of Rack, a Ruby web server interface. This issue affects Rack versions from 3.1.0 up to, but not including, 3.1.16. Carefully crafted input can disrupt normal parsing of the Content-Disposition header, which is commonly used in multipart processing, so that parsing takes an unusually long time and the server is tied up, potentially leading to a denial-of-service condition. This vulnerability is particularly relevant for applications that handle multipart posts with Rack, such as most Rails applications.

Impact

Exploitation of this vulnerability can cause a significant delay in Content-Disposition header processing, leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a multipart request with a specially crafted Content-Disposition header that includes quoted characters. The Rack application will parse the header in a way that introduces a delay, demonstrating the denial-of-service aspect of the vulnerability.

Remediation

Users can upgrade to Rack version 3.1.16 or later to address this vulnerability.
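As an added check that is not part of this advisory, the following Ruby script reads a Gemfile.lock and reports whether the pinned Rack version falls inside the affected range stated above (3.1.0 up to, but not including, 3.1.16). The lockfile contents are constructed samples, not from any real project.

```ruby
# Added example (not part of the advisory): flag a Gemfile.lock whose pinned
# Rack version lies in the affected range 3.1.0 <= version < 3.1.16.
require "rubygems"

AFFECTED_FROM = Gem::Version.new("3.1.0")
FIXED_IN      = Gem::Version.new("3.1.16")

# Returns the Rack version pinned in a Gemfile.lock, or nil if rack is absent.
# Only the 4-space-indented "    rack (x.y.z)" line under GEM/specs pins the
# version; dependency lines such as "      rack (>= 3.0)" are indented deeper
# and carry a requirement, not a pinned version, so they are skipped.
def locked_rack_version(lockfile_text)
  lockfile_text.each_line do |line|
    if line =~ /\A {4}rack \(([^)]+)\)\s*\z/
      return Gem::Version.new(Regexp.last_match(1))
    end
  end
  nil
end

# True when the version is inside the affected range. Gem::Version handles
# prerelease strings, so "3.1.16.rc1" sorts below 3.1.16 and is still flagged.
def rack_affected?(version)
  return false if version.nil?
  version >= AFFECTED_FROM && version < FIXED_IN
end

# Constructed sample lockfiles (not taken from any real project).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (3.1.15)
      rack-session (2.1.0)
        rack (>= 3.0.0)
LOCK

PATCHED_LOCK = VULNERABLE_LOCK.sub("rack (3.1.15)", "rack (3.1.16)")

if $PROGRAM_NAME == __FILE__
  { "vulnerable" => VULNERABLE_LOCK, "patched" => PATCHED_LOCK }.each do |name, lock|
    v = locked_rack_version(lock)
    puts "#{name}: rack #{v} #{rack_affected?(v) ? 'AFFECTED' : 'not affected'}"
  end
end
```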

Added: Jun 5, 2025, 11:27 PM
Updated: Jun 6, 2025, 12:01 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  5.7
remediation     7.7
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.