PT-2016-1412 · Ruby On Rails+1 · Action Pack+1
Aaron Patterson · Published 2016-01-31 · Updated 2019-08-08
CVE-2015-7581
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Action Pack versions 4.x through 4.2.5.0
Action Pack versions 5.x through 5.0.0.beta1.0
Description
The issue is related to errors in resource management in the actionpack/lib/action_dispatch/routing/route_set.rb component of the Action Pack in Ruby on Rails. It allows a remote attacker to cause a denial of service by exploiting an application's use of a wildcard controller route, leading to superfluous caching and memory consumption.
Recommendations
For Action Pack versions 4.x through 4.2.5.0, update to version 4.2.5.1 or later.
For Action Pack versions 5.x through 5.0.0.beta1.0, update to version 5.0.0.beta1.1 or later.
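A triage check for the two conditions above, added here as an example and not taken from the advisory or from Rails: it reads the locked actionpack version from Gemfile.lock text, compares it with the fixed releases listed in the recommendations, and lists route lines whose quoted path contains a dynamic :controller segment. The function names and sample inputs are constructed, and treating a :controller path segment as the "wildcard controller route" is an assumption.

```ruby
# First fixed release per major line, taken from the recommendations above.
FIXED = { 4 => Gem::Version.new("4.2.5.1"),
          5 => Gem::Version.new("5.0.0.beta1.1") }.freeze

# Constructed sample inputs (not from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5)
        actionview (= 4.2.5)
LOCK

SAMPLE_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    resources :posts
    get ':controller(/:action(/:id))'
    # get ':controller/:action'
    get 'about', :controller => 'pages', :action => 'about'
  end
ROUTES

# Resolved actionpack version from Gemfile.lock text, or nil if not locked.
def actionpack_version(lock_text)
  m = lock_text.match(/^ {4}actionpack \(([^)\s]+)\)/)
  m && Gem::Version.new(m[1])
end

# True when the version falls in an affected 4.x or 5.x range.
def affected?(version)
  fixed = FIXED[version.segments.first]
  !fixed.nil? && version < fixed
end

# [line_number, source] for routes whose quoted path has a :controller segment.
# Assumption: this is what the advisory means by a wildcard controller route.
def wildcard_controller_routes(routes_text)
  routes_text.each_line.with_index(1).each_with_object([]) do |(line, no), hits|
    next if line.strip.start_with?("#")
    strings = line.scan(/(['"])(.*?)\1/).map(&:last)
    hits << [no, line.strip] if strings.any? { |s| s.match?(/:controller\b/) }
  end
end

if __FILE__ == $PROGRAM_NAME
  v = actionpack_version(SAMPLE_LOCK)
  puts "actionpack #{v}: #{affected?(v) ? 'affected' : 'not affected'}"
  wildcard_controller_routes(SAMPLE_ROUTES).each { |no, src| puts "routes.rb:#{no}: #{src}" }
end
```

An application is exposed only when both checks hit: an affected version and at least one matching route.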
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Action Pack
Suse