CVE-2015-3225 | Severity.io

Description

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Related CPE's

rack_project

rack

opensuse

debian

debian_linux

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html

http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html

Third Party Advisory

http://openwall.com/lists/oss-security/2015/06/16/14

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2290.html

http://www.debian.org/security/2015/dsa-3322

http://www.securityfocus.com/bid/75232

https://github.com/rack/rack/blob/master/HISTORY.md

PatchIssue TrackingVendor Advisory

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ

Mailing ListThird Party Advisory

Weaknesses

[email protected]

Primary

CWE-19

CVSS impact metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

5 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2015-07-26T22:59:04.070

9 years ago

Last modified

2018-10-30T16:27:35.843

6 years ago