PT-2015-6104 · Ruby+3 · Ruby On Rails+4

Tomek Rabczak · Published 2015-07-26 · Updated 2026-03-13 · CVE-2015-3225

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Rack versions prior to 1.5.4
Rack versions 1.6.x prior to 1.6.2

Description

The issue allows remote attackers to cause a denial of service, resulting in a SystemStackError, via a request with a large parameter depth. This affects products that use Rack, including Ruby on Rails 3.x and 4.x.

Recommendations

For Rack versions prior to 1.5.4, update to version 1.5.4 or later.
For Rack versions 1.6.x prior to 1.6.2, update to version 1.6.2 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CESA-2015_2290
CVE-2015-3225
DLA-254-1
DSA-3322-1
GHSA-9VC2-P34X-JHXH
GHSA-RGR4-9JH5-J4J6
MGASA-2015-0346
OPENSUSE-SU-2024:10406-1
OPENSUSE-SU-2024:11344-1
OPENSUSE-SU-2024:11345-1
OPENSUSE-SU-2024:11346-1
OPENSUSE-SU-2024:12119-1
OPENSUSE-SU-2024:12397-1
OPENSUSE-SU-2024:12974-1
OPENSUSE-SU-2024:13167-1
OPENSUSE-SU-2024:13726-1
OPENSUSE-SU-2024:13727-1
OPENSUSE-SU-2025:14811-1
OPENSUSE-SU-2025:14875-1
OPENSUSE-SU-2026:10286-1
OPENSUSE-SU-2026:10358-1
RHSA-2015:2290
RHSA-2015_2290
SUSE-SU-2015:1522-1
SUSE-SU-2015:1888-1
SUSE-SU-2015:2190-1
SUSE-SU-2015:2274-1
SUSE-SU-2015_1522-1
SUSE-SU-2015_1888-1
SUSE-SU-2015_2190-1

Affected Products

CentOS
Rack
Red Hat
Ruby on Rails
SUSE