PT-2016-1412 · Ruby On Rails+1 · Action Pack+1

Aaron Patterson · Published 2016-01-31 · Updated 2019-08-08 · CVE-2015-7581

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Action Pack versions 4.x through 4.2.5.0
Action Pack versions 5.x through 5.0.0.beta1.0

Description

The issue is related to errors in resource management in the actionpack/lib/action_dispatch/routing/route_set.rb component of the Action Pack in Ruby on Rails. It allows a remote attacker to cause a denial of service by exploiting an application's use of a wildcard controller route, leading to superfluous caching and memory consumption.

Recommendations

For Action Pack versions 4.x through 4.2.5.0, update to version 4.2.5.1 or later.
For Action Pack versions 5.x through 5.0.0.beta1.0, update to version 5.0.0.beta1.1 or later.
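
An added example, not part of the advisory or of Rails: a Ruby audit that reads the resolved actionpack version from Gemfile.lock text, compares it with the fixed releases listed above, and scans routes.rb text for routes whose path contains a dynamic :controller segment. The helper names are hypothetical and the sample lockfile and routes are constructed.

```ruby
# Added example (not Rails or advisory code); helper names are hypothetical.
require "rubygems"

# First fixed release per major version, from the recommendations above.
FIXED = { 4 => Gem::Version.new("4.2.5.1"),
          5 => Gem::Version.new("5.0.0.beta1.1") }.freeze

# Resolved actionpack version from Gemfile.lock text (spec lines have 4 spaces).
def actionpack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

def affected_version?(version)
  fixed = FIXED[version.segments.first]
  !fixed.nil? && version < fixed
end

# A route helper call followed by its first string argument (the path).
ROUTE_WITH_PATH = /\A\s*(?:get|post|put|patch|delete|match)\s*\(?\s*(["'])(.*?)\1/

# [line number, source line] for each route whose path has a :controller segment.
def wildcard_controller_routes(routes_text)
  hits = routes_text.each_line.with_index(1).select do |line, _no|
    m = ROUTE_WITH_PATH.match(line)
    m && m[2].match?(/:controller\b/)
  end
  hits.map { |line, no| [no, line.strip] }
end

def exposed?(lockfile_text, routes_text)
  version = actionpack_version(lockfile_text)
  !version.nil? && affected_version?(version) &&
    wildcard_controller_routes(routes_text).any?
end

# Constructed sample inputs.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.5)
        actionview (= 4.2.5)
      rails (4.2.5)
        actionpack (= 4.2.5)
LOCK
SAMPLE_ROUTES = <<~ROUTES
  Rails.application.routes.draw do
    # match ':controller(/:action(/:id))'
    get 'health', :controller => 'status', :action => 'show'
    get ':controller(/:action(/:id))'
  end
ROUTES

puts "actionpack #{actionpack_version(SAMPLE_LOCK)} exposed: #{exposed?(SAMPLE_LOCK, SAMPLE_ROUTES)}"
wildcard_controller_routes(SAMPLE_ROUTES).each { |no, src| puts "routes.rb:#{no}: #{src}" }
```

The version ranges are the ones given on this page; commented-out routes and routes that only pass a :controller option are not reported.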

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2016-00713
CVE-2015-7581
DSA-3464-1
GHSA-544J-77X9-H938
GHSA-9H6G-GP95-X3Q5
RHSA-2016:0296
RHSA-2016:0454
SUSE-SU-2016:0457-1
SUSE-SU-2016:0858-1
SUSE-SU-2016:1146-1

Affected Products

Action Pack
Suse