
librack-ruby: denial of service

Package(s): librack-ruby
CVE #(s): CVE-2015-3225
Created: June 26, 2015
Updated: December 22, 2015
Description:

From the Debian advisory:

There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface.

Carefully crafted requests can cause a `SystemStackError` and cause a denial of service attack by exploiting the lack of a sensible depth check when doing parameter normalization.

Alerts:
Scientific Linux SLSA-2015:2290-1 pcs 2015-12-21
Red Hat RHSA-2015:2290-01 pcs 2015-11-19
Fedora FEDORA-2015-12978 rubygem-rack 2015-08-19
Debian DSA-3322-1 ruby-rack 2015-07-31
Mageia MGASA-2015-0346 ruby-rack 2015-09-08
Fedora FEDORA-2015-12979 rubygem-rack 2015-08-27
openSUSE openSUSE-SU-2015:1262-1 rubygem-rack-1_4 2015-07-17
openSUSE openSUSE-SU-2015:1263-1 rubygem-rack-1_3 2015-07-17
openSUSE openSUSE-SU-2015:1259-1 rubygem-rack 2015-07-17
Debian-LTS DLA-254-1 librack-ruby 2015-06-26
