5

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
RubyonrailsRails Version4.1.0
RubyonrailsRails Version4.1.1
RubyonrailsRails Version4.1.2
RubyonrailsRails Version4.1.3
RubyonrailsRails Version4.1.4
RubyonrailsRails Version4.1.5
RubyonrailsRails Version4.1.6
RubyonrailsRails Version4.1.7
RubyonrailsRails Version4.1.8
RubyonrailsRails Version4.2.0
RubyonrailsRails Version4.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.26% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2016/dsa-3464
http://www.securitytracker.com/id/1033755
http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html
http://openwall.com/lists/oss-security/2015/06/16/16
http://www.securityfocus.com/bid/75234
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J
Vendor Advisory