Denial of Service Vulnerability in Ruby on Rails by Action Pack
CVE-2012-3424

Currently unrated

Key Information:

Vendor
CVE Published: 8 August 2012

What is CVE-2012-3424?

The decode_credentials method of Action Pack in Ruby on Rails converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service. This affects applications that use a with_http_digest helper method and can lead to significant service disruption.
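The pattern described above, shown next to a safer form, as an added example that is not the Rails source: the method names, field allowlist and sample header are assumptions constructed for illustration. Ruby releases of that period never garbage-collected Symbols, so symbols created from request data stayed in memory for the life of the process.

```ruby
# Added illustration; not the Rails source. Method names are hypothetical.

# Constructed sample header: the usual Digest fields plus one field name
# the server has never seen before.
SAMPLE_HEADER = 'Digest username="alice", realm="app", nonce="abc123", ' \
                'uri="/admin", response="0f1e2d", zz_unexpected_7f3a="x"'

# Field names a Digest Authorization header may legitimately carry (RFC 2617).
DIGEST_FIELDS = %w[username realm nonce uri response algorithm
                   cnonce opaque qop nc].freeze

# Split the header into [name, value] pairs and strip surrounding quotes.
# Simplification: values that themselves contain commas are not handled.
def digest_pairs(header)
  header.to_s.sub(/\ADigest\s+/i, '').split(',').map do |pair|
    key, value = pair.split('=', 2)
    [key.to_s.strip, value.to_s.strip.gsub(/\A"|"\z/, '')]
  end
end

# Unsafe pattern: every client-chosen field name becomes a Symbol.
def decode_credentials_unsafe(header)
  digest_pairs(header).map { |k, v| [k.to_sym, v] }.to_h
end

# Safer pattern: keys stay Strings and unknown field names are dropped,
# so request data never reaches the symbol table.
def decode_credentials_safe(header)
  digest_pairs(header).select { |k, _| DIGEST_FIELDS.include?(k) }.to_h
end

if __FILE__ == $PROGRAM_NAME
  p decode_credentials_unsafe(SAMPLE_HEADER).keys
  p decode_credentials_safe(SAMPLE_HEADER).keys
end
```
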

Timeline

  • Vulnerability published

  • Vulnerability Reserved
