5

CVE-2015-3225

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rack ProjectRack Version <= 1.5.3
Rack ProjectRack Version1.6.0
Rack ProjectRack Version1.6.1
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.78% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
Third Party Advisory
http://openwall.com/lists/oss-security/2015/06/16/14
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-2290.html
http://www.debian.org/security/2015/dsa-3322
http://www.securityfocus.com/bid/75232
https://github.com/rack/rack/blob/master/HISTORY.md
Patch
Vendor Advisory
Issue Tracking
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ
Third Party Advisory
Mailing List