PT-2015-6104 · Ruby+3 · Ruby On Rails+4

Tomek Rabczak · Published 2015-07-26 · Updated 2026-03-13 · CVE-2015-3225

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Rack versions prior to 1.5.4
Rack versions 1.6.x prior to 1.6.2

Description

The issue allows remote attackers to cause a denial of service, resulting in a SystemStackError, via a request with a large parameter depth. This affects products that use Rack, including Ruby on Rails 3.x and 4.x.

Recommendations

For Rack versions prior to 1.5.4, update to version 1.5.4 or later.
For Rack versions 1.6.x prior to 1.6.2, update to version 1.6.2 or later.

Exploit

Fix

DoS


Weakness Enumeration

Related identifiers

CESA-2015_2290
CVE-2015-3225
DLA-254-1
DSA-3322-1
GHSA-9VC2-P34X-JHXH
GHSA-RGR4-9JH5-J4J6
MGASA-2015-0346
OPENSUSE-SU-2024:10406-1
OPENSUSE-SU-2024:11344-1
OPENSUSE-SU-2024:11345-1
OPENSUSE-SU-2024:11346-1
OPENSUSE-SU-2024:12119-1
OPENSUSE-SU-2024:12397-1
OPENSUSE-SU-2024:12974-1
OPENSUSE-SU-2024:13167-1
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2015:2290
RHSA-2015_2290
SUSE-SU-2015:1522-1
SUSE-SU-2015:1888-1
SUSE-SU-2015:2190-1
SUSE-SU-2015:2274-1
SUSE-SU-2015_1522-1
SUSE-SU-2015_1888-1
SUSE-SU-2015_2190-1

Affected products

Centos
Rack
Red Hat
Ruby On Rails
Suse