Denial of Service Vulnerability in Rack Used with Ruby on Rails
CVE-2015-3225


Key Information:

  • Status:

  • Vendor:

  • CVE Published: 26 July 2015

What is CVE-2015-3225?

A vulnerability exists in the Rack library, affecting versions before 1.5.4 and 1.6.x versions before 1.6.2, that could allow remote attackers to trigger a denial of service. An attacker sends a specially crafted request whose parameters are nested to a very large depth; parsing such a request recurses until the interpreter raises a SystemStackError. As a result, applications using Rack, including those built with Ruby on Rails, may become unresponsive, impacting availability.
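The fixed Rack releases address this by capping how deeply bracketed parameters may nest (exposed as Rack::Utils.param_depth_limit) and rejecting the request before recursing. The following is an added, stand-alone illustration of that mitigation and is not Rack's own code: a minimal bracket-style query parser with a depth limit. The helper names (split_key, parse_nested_query, insert_nested, deep_key), the ParamDepthError class and the default limit of 32 are all constructed for this example.

```ruby
require 'cgi'

# Raised when a key such as a[b][c]... nests deeper than the configured limit.
class ParamDepthError < StandardError; end

# Split "user[name]" into ["user", "name"]; keys without brackets return as-is.
def split_key(key)
  m = key.match(/\A([^\[\]]*)((?:\[[^\[\]]*\])*)\z/)
  return [key] unless m
  [m[1]] + m[2].scan(/\[([^\[\]]*)\]/).flatten
end

# Walk the key parts iteratively (no recursion) and store the value in
# nested hashes. Only hash nesting is modelled here; array syntax is omitted.
def insert_nested(hash, parts, value)
  node = hash
  parts[0...-1].each do |part|
    node[part] = {} unless node[part].is_a?(Hash)
    node = node[part]
  end
  node[parts.last] = value
  hash
end

# Parse a query string into nested hashes, refusing any key whose bracket
# depth exceeds max_depth. The check is linear in the key length and runs
# before any nesting is built, so a hostile request cannot grow the call stack.
def parse_nested_query(qs, max_depth: 32)
  params = {}
  qs.split('&').each do |pair|
    next if pair.empty?
    k, v = pair.split('=', 2).map { |s| CGI.unescape(s.to_s) }
    parts = split_key(k)
    if parts.size > max_depth
      raise ParamDepthError, "param depth #{parts.size} exceeds limit #{max_depth}"
    end
    insert_nested(params, parts, v)
  end
  params
end

# Build a constructed key nested n levels deep, e.g. deep_key(2) => "a[b][b]".
def deep_key(n)
  'a' + ('[b]' * n)
end

if __FILE__ == $PROGRAM_NAME
  p parse_nested_query('user[name]=alice&user[role]=admin')
  begin
    parse_nested_query(deep_key(5000) + '=1')
  rescue ParamDepthError => e
    puts "rejected: #{e.message}"
  end
end
```

Without the depth check, the same parser would have to build or walk thousands of nested levels for a single request; with it, the request is refused in constant stack space and the rejection can be logged as a signal of abusive input.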

References

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
