CVE-2015-3225 (GCVE-0-2015-3225)
Vulnerability from cvelistv5 – Published: 2015-07-26 22:00 – Updated: 2024-08-06 05:39
Summary
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
Severity
No CVSS data in the CVE record itself. NVD rates it CVSS v2 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P): network-reachable, no authentication, availability impact only. Red Hat rates its own exposure Moderate with a base score of 4.3.
CWE
- n/a in the CVE record; NVD assigns CWE-19 (Data Processing Errors)
Assigner
redhat (secalert@redhat.com)
References
11 references
| Name | URL | Tags |
|---|---|---|
| openSUSE-SU-2015:1262 | http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2015:1263 | http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory, x_refsource_SUSE |
| RHSA-2015:2290 | http://rhn.redhat.com/errata/RHSA-2015-2290.html | vendor-advisory, x_refsource_REDHAT |
| FEDORA-2015-12979 | http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| Rack HISTORY.md | https://github.com/rack/rack/blob/master/HISTORY.md | x_refsource_CONFIRM |
| [rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack | https://groups.google.com/forum/message/raw?msg=r… | mailing-list, x_refsource_MLIST |
| DSA-3322 | http://www.debian.org/security/2015/dsa-3322 | vendor-advisory, x_refsource_DEBIAN |
| openSUSE-SU-2015:1259 | http://lists.opensuse.org/opensuse-updates/2015-0… | vendor-advisory, x_refsource_SUSE |
| 75232 | http://www.securityfocus.com/bid/75232 | vdb-entry, x_refsource_BID |
| FEDORA-2015-12978 | http://lists.fedoraproject.org/pipermail/package-… | vendor-advisory, x_refsource_FEDORA |
| [oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack | http://openwall.com/lists/oss-security/2015/06/16/14 | mailing-list, x_refsource_MLIST |
Date Public
2015-06-16 00:00
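How the crash in the summary comes about, as an added example that is not Rack's own code: a simplified model of the nested-parameter assignment in lib/rack/utils.rb, first in its unbounded pre-1.5.4 / pre-1.6.2 shape and then with the depth budget the fixed releases apply (Rack's default Rack::Utils.param_depth_limit is 100; the DEPTH_LIMIT constant, the helper names and the query strings below are the example's own). The recursion depth tracks the bracket nesting of a single parameter name, so one request parameter decides how many stack frames the parser consumes.

```ruby
# Added example, not code from the Rack project. Models the nested-parameter
# parser of Rack < 1.5.4 / 1.6.x < 1.6.2 and its depth-limited replacement.

DEPTH_LIMIT = 100 # assumption for this model; Rack's default param_depth_limit after the fix

# Split "user[roles][admin]" into ["user", "roles", "admin"].
# "[]" array-push segments of real Rack syntax are left out of this model.
def key_segments(name)
  m = name.match(/\A([^\[\]]+)(.*)\z/m)
  return [] unless m
  head, rest = m.captures
  [head] + rest.scan(/\[([^\[\]]*)\]/).flatten
end

# Vulnerable shape: one recursive call per nesting level, no upper bound.
# A name with N bracket groups costs N+1 stack frames, chosen by the client.
def assign_unbounded(params, segs, value, i = 0)
  key = segs[i]
  if i == segs.length - 1
    params[key] = value
  else
    params[key] = {} unless params[key].is_a?(Hash)
    assign_unbounded(params[key], segs, value, i + 1)
  end
  params
end

# Hardened shape: spend a depth budget on every level and refuse before
# recursing once it is gone (Rack raises RangeError at this point).
def assign_limited(params, segs, value, i = 0, depth = DEPTH_LIMIT)
  raise RangeError, "parameter nesting deeper than #{DEPTH_LIMIT} levels" if depth <= 0
  key = segs[i]
  if i == segs.length - 1
    params[key] = value
  else
    params[key] = {} unless params[key].is_a?(Hash)
    assign_limited(params[key], segs, value, i + 1, depth - 1)
  end
  params
end

# Parse "a[b]=1&c=2" into nested hashes with either strategy.
def parse_query(query, limited:)
  query.split("&").each_with_object({}) do |pair, params|
    name, value = pair.split("=", 2)
    segs = key_segments(name.to_s)
    next if segs.empty?
    limited ? assign_limited(params, segs, value) : assign_unbounded(params, segs, value)
  end
end

# The attacker's parameter: "a" followed by `levels` copies of "[a]".
def crafted_query(levels)
  "a#{'[a]' * levels}=x"
end

# Parse and report :ok or the exception class that escaped.
def outcome(query, limited:)
  parse_query(query, limited: limited)
  :ok
rescue SystemStackError, RangeError => e
  e.class
end

if __FILE__ == $0
  [[99, true], [100, true], [200_000, true], [200_000, false]].each do |levels, limited|
    puts "#{levels} levels, limited=#{limited}: #{outcome(crafted_query(levels), limited: limited)}"
  end
end
```

The unbounded variant exhausts the Ruby VM stack long before it reaches 200,000 levels and the process reports SystemStackError, which is the crash the advisories describe; the limited variant rejects the same request after 100 frames with a RangeError that the application can turn into a 400 response. Rack's real parser also handles "[]" array pushes and enforces a separate key-space limit, neither of which this model includes.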
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2015:1262",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"
},
{
"name": "openSUSE-SU-2015:1263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"
},
{
"name": "RHSA-2015:2290",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html"
},
{
"name": "FEDORA-2015-12979",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rack/rack/blob/master/HISTORY.md"
},
{
"name": "[rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"
},
{
"name": "DSA-3322",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3322"
},
{
"name": "openSUSE-SU-2015:1259",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"
},
{
"name": "75232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75232"
},
{
"name": "FEDORA-2015-12978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"
},
{
"name": "[oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/06/16/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2015:1262",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"
},
{
"name": "openSUSE-SU-2015:1263",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"
},
{
"name": "RHSA-2015:2290",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html"
},
{
"name": "FEDORA-2015-12979",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rack/rack/blob/master/HISTORY.md"
},
{
"name": "[rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"
},
{
"name": "DSA-3322",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3322"
},
{
"name": "openSUSE-SU-2015:1259",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"
},
{
"name": "75232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75232"
},
{
"name": "FEDORA-2015-12978",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"
},
{
"name": "[oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2015/06/16/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html"
},
{
"name": "openSUSE-SU-2015:1263",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html"
},
{
"name": "RHSA-2015:2290",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2290.html"
},
{
"name": "FEDORA-2015-12979",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html"
},
{
"name": "https://github.com/rack/rack/blob/master/HISTORY.md",
"refsource": "CONFIRM",
"url": "https://github.com/rack/rack/blob/master/HISTORY.md"
},
{
"name": "[rubyonrails-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ"
},
{
"name": "DSA-3322",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3322"
},
{
"name": "openSUSE-SU-2015:1259",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html"
},
{
"name": "75232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75232"
},
{
"name": "FEDORA-2015-12978",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html"
},
{
"name": "[oss-security] 20150616 [CVE-2015-3225] Potential Denial of Service Vulnerability in Rack",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/06/16/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3225",
"datePublished": "2015-07-26T22:00:00.000Z",
"dateReserved": "2015-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:39:32.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-3225",
"date": "2026-05-28",
"epss": "0.13251",
"percentile": "0.94257"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.3\", \"matchCriteriaId\": \"31ACD93B-B2C5-4991-8C7C-DF4969109B2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"334AC93B-39D9-4664-90D5-CC5B6D8DB0A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rack_project:rack:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B413351-9FC2-4F4B-8C42-FFF0E5784DCD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A10BC294-9196-425F-9FB0-B1625465B47F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en lib/rack/utils.rb en Rack en versiones anteriores a 1.5.4 y 1.6.x anteriores a 1.6.2, tal como se utiliza con Ruby on Rails en versiones 3.x y 4.x y en otros productos, permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (SystemStackError) a trav\\u00e9s de una solicitud con un par\\u00e1metro de gran tama\\u00f1o.\"}]",
"id": "CVE-2015-3225",
"lastModified": "2024-11-21T02:28:56.693",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-07-26T22:59:04.070",
"references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2015/06/16/14\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2290.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3322\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/75232\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/rack/rack/blob/master/HISTORY.md\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html\", \"source\": 
\"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2015/06/16/14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-2290.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3322\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/75232\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/rack/rack/blob/master/HISTORY.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-19\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3225\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-07-26T22:59:04.070\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en lib/rack/utils.rb en Rack en versiones anteriores a 1.5.4 y 1.6.x anteriores a 1.6.2, tal como se utiliza con Ruby on Rails en versiones 3.x y 4.x y en otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (SystemStackError) a trav\u00e9s de una solicitud con un par\u00e1metro de gran tama\u00f1o.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-19\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.3\",\"matchCriteriaId\":\"31ACD93B-B2C5-4991-8C7C-DF4969109B2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"334AC93B-39D9-4664-90D5-
CC5B6D8DB0A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B413351-9FC2-4F4B-8C42-FFF0E5784DCD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2015/06/16/14\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2290.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3322\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/75232\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/rack/rack/blob/master/HISTORY.md\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2015/06/16/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2290.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3322\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/75232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/rack/rack/blob/master/HISTORY.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://groups.google.com/forum/message/raw?msg=rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
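A version check built from the NVD configuration block in the record above (rack:* with versionEndIncluding 1.5.3, plus 1.6.0 and 1.6.1 listed explicitly; fixed in 1.5.4 and 1.6.2), as an added example that is not part of the CVE record or of any vendor tooling. It reads the resolved rack version out of a Gemfile.lock, the artifact that decides what actually ships, and names the nearest fixed release; the lockfile text is constructed for the example.

```ruby
# Added example, not part of the CVE record or of Bundler/Rack. Maps the
# affected ranges of CVE-2015-3225 onto a Gemfile.lock audit.
require "rubygems" # Gem::Version ships with Ruby

# Releases that carry the fix, in ascending order.
FIXED_RELEASES = %w[1.5.4 1.6.2].map { |v| Gem::Version.new(v) }.freeze

# True when `version` lies inside the ranges NVD marks vulnerable:
# every release up to and including 1.5.3, plus 1.6.0 and 1.6.1.
def rack_vulnerable?(version)
  v = Gem::Version.new(version)
  return true if v <= Gem::Version.new("1.5.3")
  v >= Gem::Version.new("1.6.0") && v < Gem::Version.new("1.6.2")
end

# Smallest fixed release above `version`, or nil when it is already safe.
def recommended_upgrade(version)
  return nil unless rack_vulnerable?(version)
  v = Gem::Version.new(version)
  FIXED_RELEASES.find { |f| f > v }.to_s
end

# Pull the resolved rack version out of the GEM/specs section of a
# Gemfile.lock. Bundler writes resolved gems as "    name (version)" with a
# four-space indent; their dependencies sit six spaces in and carry
# requirements such as "(>= 1.0)", which this pattern does not match.
def locked_rack_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rack \(([^)]+)\)$/)
  m && m[1]
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.6.1)
      rack-test (0.6.3)
        rack (>= 1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rack
    rack-test
LOCK

# Audit one lockfile and return a small report hash.
def audit(lockfile_text)
  version = locked_rack_version(lockfile_text)
  return { status: :not_found } unless version
  {
    status: rack_vulnerable?(version) ? :vulnerable : :ok,
    version: version,
    upgrade_to: recommended_upgrade(version),
  }
end

if __FILE__ == $0
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts audit(text).inspect
end
```

Run it with a path to a project's Gemfile.lock, or with no argument to audit the embedded sample. Gem::Version handles prerelease and multi-digit components correctly, which a plain string comparison would not; the check deliberately ignores the `rack (>= 1.0)` requirement line because only the pinned spec line reflects what Bundler will install.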
RHSA-2015:2290
Vulnerability from csaf_redhat - Published: 2015-11-19 04:43 - Updated: 2025-11-21 17:54
Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An updated pcs package that fixes one security issue, several bugs, and
adds various enhancements is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details: The pcs package provides a configuration tool for Corosync and Pacemaker.
It permits users to easily view, modify and create Pacemaker based
clusters. The pcs package includes Rack, which provides a minimal interface
between webservers that support Ruby and Ruby frameworks.
A flaw was found in the way Rack processed parameters of incoming requests.
An attacker could use this flaw to send a crafted request with a deeply
nested parameter name that would cause an application using Rack to crash.
(CVE-2015-3225)
Red Hat would like to thank Ruby upstream developers for reporting this.
Upstream acknowledges Tomek Rabczak from the NCC Group as the original
reporter.
The pcs package has been upgraded to upstream version 0.9.143, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1198265)
The following enhancements are described in more detail in the Red Hat
Enterprise Linux 7.2 Release Notes, linked to from the References section:
* The pcs resource move and pcs resource ban commands now display a warning
message to clarify the commands' behavior (BZ#1201452)
* New command to move a Pacemaker resource to its preferred node
(BZ#1122818)
This update also fixes the following bugs:
* Before this update, a bug caused location, ordering, and colocation
constraints related to a resource group to be removed when removing any
resource from that group. This bug has been fixed, and the constraints are
now preserved until the group has no resources left, and is removed.
(BZ#1158537)
* Previously, when a user disabled a resource clone or multi-state
resource, and then later enabled a primitive resource within it, the clone
or multi-state resource remained disabled. With this update, enabling a
resource within a disabled clone or multi-state resource enables it.
(BZ#1218979)
* When the web UI displayed a list of resource attributes, a bug caused
the list to be truncated at the first "=" character. This update fixes the
bug and now the web UI displays lists of resource attributes correctly.
(BZ#1243579)
* The documentation for the "pcs stonith confirm" command was not clear.
This could lead to incorrect usage of the command, which could in turn
cause data corruption. With this update, the documentation has been
improved and the "pcs stonith confirm" command is now more clearly
explained. (BZ#1245264)
* Previously, if there were any unauthenticated nodes, creating a new
cluster, adding a node to an existing cluster, or adding a cluster to the
web UI failed with the message "Node is not authenticated". With this
update, when the web UI detects a problem with authentication, the web UI
displays a dialog to authenticate nodes as necessary. (BZ#1158569)
* Previously, the web UI displayed only primitive resources. Thus there was
no way to set attributes, constraints and other properties separately for a
parent resource and a child resource. This has now been fixed, and
resources are displayed in a tree structure, meaning all resource elements
can be viewed and edited independently. (BZ#1189857)
In addition, this update adds the following enhancements:
* A dashboard has been added which shows the status of clusters in the web
UI. Previously, it was not possible to view all important information about
clusters in one place. Now, a dashboard showing the status of clusters has
been added to the main page of the web UI. (BZ#1158566)
* With this update, the pcsd daemon automatically synchronizes pcsd
configuration across a cluster. This enables the web UI to be run from any
node, allowing management even if any particular node is down. (BZ#1158577)
* The web UI can now be used to set permissions for users and groups on a
cluster. This allows users and groups to have their access restricted to
certain operations on certain clusters. (BZ#1158571)
All pcs users are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
CVSS base score: 4.3
Affected products
Fixed
10 products
| Product ID (CSAF) | Remediation |
|---|---|
| 7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x | Vendor fix |
| 7Server-HighAvailability:pcs-0:0.9.143-15.el7.src | Vendor fix |
| 7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64 | Vendor fix |
| 7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x | Vendor fix |
| 7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64 | Vendor fix |
| 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x | Vendor fix |
| 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src | Vendor fix |
| 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64 | Vendor fix |
| 7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x | Vendor fix |
| 7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64 | Vendor fix |
Threats
Impact
Moderate
References
59 references
Acknowledgments
NCC Group
Tomek Rabczak
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated pcs package that fixes one security issue, several bugs, and\nadd various enhancements is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs package provides a configuration tool for Corosync and Pacemaker.\nIt permits users to easily view, modify and create Pacemaker based\nclusters. The pcs package includes Rack, which provides a minimal interface\nbetween webservers that support Ruby and Ruby frameworks.\n\nA flaw was found in a way Rack processed parameters of incoming requests.\nAn attacker could use this flaw to send a crafted request that would cause\nan application using Rack to crash. (CVE-2015-3225)\n\nRed Hat would like to thank Ruby upstream developers for reporting this.\nUpstream acknowledges Tomek Rabczak from the NCC Group as the original\nreporter.\n\nThe pcs package has been upgraded to upstream version 0.9.143, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#1198265)\n\nThe following enhancements are described in more detail in the Red Hat\nEnterprise Linux 7.2 Release Notes, linked to from the References section:\n\n* The pcs resource move and pcs resource ban commands now display a warning\nmessage to clarify the commands\u0027 behavior (BZ#1201452)\n\n* New command to move a Pacemaker resource to its preferred node\n(BZ#1122818)\n\nThis update also fixes the following bugs:\n\n* Before this update, a bug caused location, ordering, and colocation\nconstraints related to a resource group to be removed when removing any\nresource from that group. This bug has been fixed, and the constraints are\nnow preserved until the group has no resources left, and is removed.\n(BZ#1158537)\n\n* Previously, when a user disabled a resource clone or multi-state\nresource, and then later enabled a primitive resource within it, the clone\nor multi-state resource remained disabled. With this update, enabling a\nresource within a disabled clone or multi-state resource enables it.\n(BZ#1218979)\n\n* When the web UI displayed a list of resource attributes, a bug caused\nthe list to be truncated at the first \"=\" character. 
This update fixes the\nbug and now the web UI displays lists of resource attributes correctly.\n(BZ#1243579)\n\n* The documentation for the \"pcs stonith confirm\" command was not clear.\nThis could lead to incorrect usage of the command, which could in turn\ncause data corruption. With this update, the documentation has been\nimproved and the \"pcs stonith confirm\" command is now more clearly\nexplained. (BZ#1245264)\n\n* Previously, if there were any unauthenticated nodes, creating a new\ncluster, adding a node to an existing cluster, or adding a cluster to the\nweb UI failed with the message \"Node is not authenticated\". With this\nupdate, when the web UI detects a problem with authentication, the web UI\ndisplays a dialog to authenticate nodes as necessary. (BZ#1158569)\n\n* Previously, the web UI displayed only primitive resources. Thus there was\nno way to set attributes, constraints and other properties separately for a\nparent resource and a child resource. This has now been fixed, and\nresources are displayed in a tree structure, meaning all resource elements\ncan be viewed and edited independently. (BZ#1189857)\n\nIn addition, this update adds the following enhancements:\n\n* A dashboard has been added which shows the status of clusters in the web\nUI. Previously, it was not possible to view all important information about\nclusters in one place. Now, a dashboard showing the status of clusters has\nbeen added to the main page of the web UI. (BZ#1158566)\n\n* With this update, the pcsd daemon automatically synchronizes pcsd\nconfiguration across a cluster. This enables the web UI to be run from any\nnode, allowing management even if any particular node is down. (BZ#1158577)\n\n* The web UI can now be used to set permissions for users and groups on a\ncluster. This allows users and groups to have their access restricted to\ncertain operations on certain clusters. 
(BZ#1158571)\n\nAll pcs users are advised to upgrade to this updated package, which\ncorrects these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2290",
"url": "https://access.redhat.com/errata/RHSA-2015:2290"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/High_Availability_Add-On_Reference/",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/High_Availability_Add-On_Reference/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/index.html"
},
{
"category": "external",
"summary": "1121791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121791"
},
{
"category": "external",
"summary": "1134426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1134426"
},
{
"category": "external",
"summary": "1148863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148863"
},
{
"category": "external",
"summary": "1158491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158491"
},
{
"category": "external",
"summary": "1158537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158537"
},
{
"category": "external",
"summary": "1158571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158571"
},
{
"category": "external",
"summary": "1163671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163671"
},
{
"category": "external",
"summary": "1163682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163682"
},
{
"category": "external",
"summary": "1165803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165803"
},
{
"category": "external",
"summary": "1166160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166160"
},
{
"category": "external",
"summary": "1170205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170205"
},
{
"category": "external",
"summary": "1175400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175400"
},
{
"category": "external",
"summary": "1176687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176687"
},
{
"category": "external",
"summary": "1182119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182119"
},
{
"category": "external",
"summary": "1182793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182793"
},
{
"category": "external",
"summary": "1182986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182986"
},
{
"category": "external",
"summary": "1183752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183752"
},
{
"category": "external",
"summary": "1185096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185096"
},
{
"category": "external",
"summary": "1186692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186692"
},
{
"category": "external",
"summary": "1187320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187320"
},
{
"category": "external",
"summary": "1187571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187571"
},
{
"category": "external",
"summary": "1188571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188571"
},
{
"category": "external",
"summary": "1189857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189857"
},
{
"category": "external",
"summary": "1196412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196412"
},
{
"category": "external",
"summary": "1197758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197758"
},
{
"category": "external",
"summary": "1198222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198222"
},
{
"category": "external",
"summary": "1198265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198265"
},
{
"category": "external",
"summary": "1198274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198274"
},
{
"category": "external",
"summary": "1198640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198640"
},
{
"category": "external",
"summary": "1199073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199073"
},
{
"category": "external",
"summary": "1202457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202457"
},
{
"category": "external",
"summary": "1204880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204880"
},
{
"category": "external",
"summary": "1205653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205653"
},
{
"category": "external",
"summary": "1206214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206214"
},
{
"category": "external",
"summary": "1206219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206219"
},
{
"category": "external",
"summary": "1207805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207805"
},
{
"category": "external",
"summary": "1212904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212904"
},
{
"category": "external",
"summary": "1213429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213429"
},
{
"category": "external",
"summary": "1215198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215198"
},
{
"category": "external",
"summary": "1219574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219574"
},
{
"category": "external",
"summary": "1231987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231987"
},
{
"category": "external",
"summary": "1232292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292"
},
{
"category": "external",
"summary": "1235022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235022"
},
{
"category": "external",
"summary": "1247818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247818"
},
{
"category": "external",
"summary": "1250720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250720"
},
{
"category": "external",
"summary": "1253491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253491"
},
{
"category": "external",
"summary": "1257369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257369"
},
{
"category": "external",
"summary": "1258619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258619"
},
{
"category": "external",
"summary": "1265425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265425"
},
{
"category": "external",
"summary": "1268801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2290.json"
}
],
"title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-11-21T17:54:08+00:00",
"generator": {
"date": "2025-11-21T17:54:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:2290",
"initial_release_date": "2015-11-19T04:43:53+00:00",
"revision_history": [
{
"date": "2015-11-19T04:43:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-11-19T04:43:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:54:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.src",
"product": {
"name": "pcs-0:0.9.143-15.el7.src",
"product_id": "pcs-0:0.9.143-15.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product_id": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.143-15.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.s390x",
"product": {
"name": "pcs-0:0.9.143-15.el7.s390x",
"product_id": "pcs-0:0.9.143-15.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.x86_64",
"product": {
"name": "pcs-0:0.9.143-15.el7.x86_64",
"product_id": "pcs-0:0.9.143-15.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product_id": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.143-15.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.src"
},
"product_reference": "pcs-0:0.9.143-15.el7.src",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src"
},
"product_reference": "pcs-0:0.9.143-15.el7.src",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomek Rabczak"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-3225",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2015-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1232292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "RHBZ#1232292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225"
}
],
"release_date": "2015-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-19T04:43:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2290"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()"
}
]
}
RHSA-2015_2290
Vulnerability from csaf_redhat - Published: 2015-11-19 04:43 - Updated: 2024-11-22 09:14
Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An updated pcs package that fixes one security issue, several bugs, and
adds various enhancements is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details: The pcs package provides a configuration tool for Corosync and Pacemaker.
It permits users to easily view, modify and create Pacemaker based
clusters. The pcs package includes Rack, which provides a minimal interface
between webservers that support Ruby and Ruby frameworks.
A flaw was found in the way Rack processed parameters of incoming requests.
An attacker could use this flaw to send a crafted request that would cause
an application using Rack to crash. (CVE-2015-3225)
Red Hat would like to thank Ruby upstream developers for reporting this.
Upstream acknowledges Tomek Rabczak from the NCC Group as the original
reporter.
The pcs package has been upgraded to upstream version 0.9.143, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1198265)
The following enhancements are described in more detail in the Red Hat
Enterprise Linux 7.2 Release Notes, linked to from the References section:
* The pcs resource move and pcs resource ban commands now display a warning
message to clarify the commands' behavior (BZ#1201452)
* New command to move a Pacemaker resource to its preferred node
(BZ#1122818)
This update also fixes the following bugs:
* Before this update, a bug caused location, ordering, and colocation
constraints related to a resource group to be removed when removing any
resource from that group. This bug has been fixed, and the constraints are
now preserved until the group has no resources left, and is removed.
(BZ#1158537)
* Previously, when a user disabled a resource clone or multi-state
resource, and then later enabled a primitive resource within it, the clone
or multi-state resource remained disabled. With this update, enabling a
resource within a disabled clone or multi-state resource enables it.
(BZ#1218979)
* When the web UI displayed a list of resource attributes, a bug caused
the list to be truncated at the first "=" character. This update fixes the
bug and now the web UI displays lists of resource attributes correctly.
(BZ#1243579)
* The documentation for the "pcs stonith confirm" command was not clear.
This could lead to incorrect usage of the command, which could in turn
cause data corruption. With this update, the documentation has been
improved and the "pcs stonith confirm" command is now more clearly
explained. (BZ#1245264)
* Previously, if there were any unauthenticated nodes, creating a new
cluster, adding a node to an existing cluster, or adding a cluster to the
web UI failed with the message "Node is not authenticated". With this
update, when the web UI detects a problem with authentication, the web UI
displays a dialog to authenticate nodes as necessary. (BZ#1158569)
* Previously, the web UI displayed only primitive resources. Thus there was
no way to set attributes, constraints and other properties separately for a
parent resource and a child resource. This has now been fixed, and
resources are displayed in a tree structure, meaning all resource elements
can be viewed and edited independently. (BZ#1189857)
In addition, this update adds the following enhancements:
* A dashboard has been added which shows the status of clusters in the web
UI. Previously, it was not possible to view all important information about
clusters in one place. Now, a dashboard showing the status of clusters has
been added to the main page of the web UI. (BZ#1158566)
* With this update, the pcsd daemon automatically synchronizes pcsd
configuration across a cluster. This enables the web UI to be run from any
node, allowing management even if any particular node is down. (BZ#1158577)
* The web UI can now be used to set permissions for users and groups on a
cluster. This allows users and groups to have their access restricted to
certain operations on certain clusters. (BZ#1158571)
All pcs users are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
CVSS v2 base score: 4.3
Affected products
Fixed
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x | — | | Vendor Fix |
| Unresolved product id: 7Server-HighAvailability:pcs-0:0.9.143-15.el7.src | — | | Vendor Fix |
| Unresolved product id: 7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64 | — | | Vendor Fix |
| Unresolved product id: 7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x | — | | Vendor Fix |
| Unresolved product id: 7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64 | — | | Vendor Fix |
| Unresolved product id: 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x | — | | Vendor Fix |
| Unresolved product id: 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src | — | | Vendor Fix |
| Unresolved product id: 7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64 | — | | Vendor Fix |
| Unresolved product id: 7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x | — | | Vendor Fix |
| Unresolved product id: 7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64 | — | | Vendor Fix |
Threats
Impact
Moderate
References
59 references
Acknowledgments
NCC Group
Tomek Rabczak
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated pcs package that fixes one security issue, several bugs, and\nadd various enhancements is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs package provides a configuration tool for Corosync and Pacemaker.\nIt permits users to easily view, modify and create Pacemaker based\nclusters. The pcs package includes Rack, which provides a minimal interface\nbetween webservers that support Ruby and Ruby frameworks.\n\nA flaw was found in a way Rack processed parameters of incoming requests.\nAn attacker could use this flaw to send a crafted request that would cause\nan application using Rack to crash. (CVE-2015-3225)\n\nRed Hat would like to thank Ruby upstream developers for reporting this.\nUpstream acknowledges Tomek Rabczak from the NCC Group as the original\nreporter.\n\nThe pcs package has been upgraded to upstream version 0.9.143, which\nprovides a number of bug fixes and enhancements over the previous version.\n(BZ#1198265)\n\nThe following enhancements are described in more detail in the Red Hat\nEnterprise Linux 7.2 Release Notes, linked to from the References section:\n\n* The pcs resource move and pcs resource ban commands now display a warning\nmessage to clarify the commands\u0027 behavior (BZ#1201452)\n\n* New command to move a Pacemaker resource to its preferred node\n(BZ#1122818)\n\nThis update also fixes the following bugs:\n\n* Before this update, a bug caused location, ordering, and colocation\nconstraints related to a resource group to be removed when removing any\nresource from that group. This bug has been fixed, and the constraints are\nnow preserved until the group has no resources left, and is removed.\n(BZ#1158537)\n\n* Previously, when a user disabled a resource clone or multi-state\nresource, and then later enabled a primitive resource within it, the clone\nor multi-state resource remained disabled. With this update, enabling a\nresource within a disabled clone or multi-state resource enables it.\n(BZ#1218979)\n\n* When the web UI displayed a list of resource attributes, a bug caused\nthe list to be truncated at the first \"=\" character. 
This update fixes the\nbug and now the web UI displays lists of resource attributes correctly.\n(BZ#1243579)\n\n* The documentation for the \"pcs stonith confirm\" command was not clear.\nThis could lead to incorrect usage of the command, which could in turn\ncause data corruption. With this update, the documentation has been\nimproved and the \"pcs stonith confirm\" command is now more clearly\nexplained. (BZ#1245264)\n\n* Previously, if there were any unauthenticated nodes, creating a new\ncluster, adding a node to an existing cluster, or adding a cluster to the\nweb UI failed with the message \"Node is not authenticated\". With this\nupdate, when the web UI detects a problem with authentication, the web UI\ndisplays a dialog to authenticate nodes as necessary. (BZ#1158569)\n\n* Previously, the web UI displayed only primitive resources. Thus there was\nno way to set attributes, constraints and other properties separately for a\nparent resource and a child resource. This has now been fixed, and\nresources are displayed in a tree structure, meaning all resource elements\ncan be viewed and edited independently. (BZ#1189857)\n\nIn addition, this update adds the following enhancements:\n\n* A dashboard has been added which shows the status of clusters in the web\nUI. Previously, it was not possible to view all important information about\nclusters in one place. Now, a dashboard showing the status of clusters has\nbeen added to the main page of the web UI. (BZ#1158566)\n\n* With this update, the pcsd daemon automatically synchronizes pcsd\nconfiguration across a cluster. This enables the web UI to be run from any\nnode, allowing management even if any particular node is down. (BZ#1158577)\n\n* The web UI can now be used to set permissions for users and groups on a\ncluster. This allows users and groups to have their access restricted to\ncertain operations on certain clusters. 
(BZ#1158571)\n\nAll pcs users are advised to upgrade to this updated package, which\ncorrects these issues and add these enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:2290",
"url": "https://access.redhat.com/errata/RHSA-2015:2290"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/High_Availability_Add-On_Reference/",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/High_Availability_Add-On_Reference/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/index.html"
},
{
"category": "external",
"summary": "1121791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121791"
},
{
"category": "external",
"summary": "1134426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1134426"
},
{
"category": "external",
"summary": "1148863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1148863"
},
{
"category": "external",
"summary": "1158491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158491"
},
{
"category": "external",
"summary": "1158537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158537"
},
{
"category": "external",
"summary": "1158571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158571"
},
{
"category": "external",
"summary": "1163671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163671"
},
{
"category": "external",
"summary": "1163682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163682"
},
{
"category": "external",
"summary": "1165803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1165803"
},
{
"category": "external",
"summary": "1166160",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166160"
},
{
"category": "external",
"summary": "1170205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170205"
},
{
"category": "external",
"summary": "1175400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1175400"
},
{
"category": "external",
"summary": "1176687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1176687"
},
{
"category": "external",
"summary": "1182119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182119"
},
{
"category": "external",
"summary": "1182793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182793"
},
{
"category": "external",
"summary": "1182986",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182986"
},
{
"category": "external",
"summary": "1183752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1183752"
},
{
"category": "external",
"summary": "1185096",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185096"
},
{
"category": "external",
"summary": "1186692",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186692"
},
{
"category": "external",
"summary": "1187320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187320"
},
{
"category": "external",
"summary": "1187571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187571"
},
{
"category": "external",
"summary": "1188571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1188571"
},
{
"category": "external",
"summary": "1189857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189857"
},
{
"category": "external",
"summary": "1196412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196412"
},
{
"category": "external",
"summary": "1197758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1197758"
},
{
"category": "external",
"summary": "1198222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198222"
},
{
"category": "external",
"summary": "1198265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198265"
},
{
"category": "external",
"summary": "1198274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198274"
},
{
"category": "external",
"summary": "1198640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198640"
},
{
"category": "external",
"summary": "1199073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199073"
},
{
"category": "external",
"summary": "1202457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202457"
},
{
"category": "external",
"summary": "1204880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204880"
},
{
"category": "external",
"summary": "1205653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205653"
},
{
"category": "external",
"summary": "1206214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206214"
},
{
"category": "external",
"summary": "1206219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206219"
},
{
"category": "external",
"summary": "1207805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207805"
},
{
"category": "external",
"summary": "1212904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212904"
},
{
"category": "external",
"summary": "1213429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1213429"
},
{
"category": "external",
"summary": "1215198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1215198"
},
{
"category": "external",
"summary": "1219574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219574"
},
{
"category": "external",
"summary": "1231987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231987"
},
{
"category": "external",
"summary": "1232292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292"
},
{
"category": "external",
"summary": "1235022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1235022"
},
{
"category": "external",
"summary": "1247818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247818"
},
{
"category": "external",
"summary": "1250720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250720"
},
{
"category": "external",
"summary": "1253491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253491"
},
{
"category": "external",
"summary": "1257369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257369"
},
{
"category": "external",
"summary": "1258619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1258619"
},
{
"category": "external",
"summary": "1265425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265425"
},
{
"category": "external",
"summary": "1268801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1268801"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2290.json"
}
],
"title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-22T09:14:12+00:00",
"generator": {
"date": "2024-11-22T09:14:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:2290",
"initial_release_date": "2015-11-19T04:43:53+00:00",
"revision_history": [
{
"date": "2015-11-19T04:43:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-11-19T04:43:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:14:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.src",
"product": {
"name": "pcs-0:0.9.143-15.el7.src",
"product_id": "pcs-0:0.9.143-15.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product_id": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.143-15.el7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.s390x",
"product": {
"name": "pcs-0:0.9.143-15.el7.s390x",
"product_id": "pcs-0:0.9.143-15.el7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.143-15.el7.x86_64",
"product": {
"name": "pcs-0:0.9.143-15.el7.x86_64",
"product_id": "pcs-0:0.9.143-15.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.143-15.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product_id": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.143-15.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.src"
},
"product_reference": "pcs-0:0.9.143-15.el7.src",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-HighAvailability"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src"
},
"product_reference": "pcs-0:0.9.143-15.el7.src",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.s390x",
"relates_to_product_reference": "7Server-ResilientStorage"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.143-15.el7.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tomek Rabczak"
],
"organization": "NCC Group",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2015-3225",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2015-06-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1232292"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "RHBZ#1232292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232292"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3225"
}
],
"release_date": "2015-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-11-19T04:43:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:2290"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.src",
"7Server-HighAvailability:pcs-0:0.9.143-15.el7.x86_64",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-HighAvailability:pcs-debuginfo-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.src",
"7Server-ResilientStorage:pcs-0:0.9.143-15.el7.x86_64",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.s390x",
"7Server-ResilientStorage:pcs-debuginfo-0:0.9.143-15.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()"
}
]
}
SUSE-SU-2015:1522-1
Vulnerability from csaf_suse - Published: 2015-09-04 07:36 - Updated: 2015-09-04 07:36
Summary
Security update for rubygem-rack-1_4
Severity
Moderate
Notes
Title of the patch: Security update for rubygem-rack-1_4
Description of the patch: rubygem-rack-1_4 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797)
Patchnames: sdksp3-rubygem-rack-1_4-12076,sdksp4-rubygem-rack-1_4-12076,sleslms13-rubygem-rack-1_4-12076,slestso13-rubygem-rack-1_4-12076,slewyst13-rubygem-rack-1_4-12076
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack-1_4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "rubygem-rack-1_4 was updated to fix one security issue.\n\nThis security issue was fixed:\n\n- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service. (bsc#934797)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-rubygem-rack-1_4-12076,sdksp4-rubygem-rack-1_4-12076,sleslms13-rubygem-rack-1_4-12076,slestso13-rubygem-rack-1_4-12076,slewyst13-rubygem-rack-1_4-12076",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1522-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1522-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151522-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1522-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001584.html"
},
{
"category": "self",
"summary": "SUSE Bug 934797",
"url": "https://bugzilla.suse.com/934797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "Security update for rubygem-rack-1_4",
"tracking": {
"current_release_date": "2015-09-04T07:36:21Z",
"generator": {
"date": "2015-09-04T07:36:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1522-1",
"initial_release_date": "2015-09-04T07:36:21Z",
"revision_history": [
{
"date": "2015-09-04T07:36:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1_4-1.4.5-0.7.3.i586",
"product": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.i586",
"product_id": "rubygem-rack-1_4-1.4.5-0.7.3.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"product": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"product_id": "rubygem-rack-1_4-1.4.5-0.7.3.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"product": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"product_id": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"product": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"product_id": "rubygem-rack-1_4-1.4.5-0.7.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"product": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"product_id": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Studio Onsite 1.3",
"product": {
"name": "SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-studioonsite:1.3"
}
}
},
{
"category": "product_name",
"name": "SUSE WebYast 1.3",
"product": {
"name": "SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:webyast:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.i586"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ia64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.s390x"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.i586"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ia64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ppc64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.s390x"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64 as component of SUSE Studio Onsite 1.3",
"product_id": "SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"relates_to_product_reference": "SUSE Studio Onsite 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.i586 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.i586"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.i586",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ia64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ia64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.s390x as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.s390x"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"relates_to_product_reference": "SUSE WebYast 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64 as component of SUSE WebYast 1.3",
"product_id": "SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
},
"product_reference": "rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"relates_to_product_reference": "SUSE WebYast 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE Studio Onsite 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.i586",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ia64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.ppc64",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.s390x",
"SUSE WebYast 1.3:rubygem-rack-1_4-1.4.5-0.7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-09-04T07:36:21Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}
SUSE-SU-2015:1888-1
Vulnerability from csaf_suse - Published: 2015-09-01 14:35 - Updated: 2015-09-01 14:35
Summary
Security update for rubygem-rack
Severity
Moderate
Notes
Title of the patch: Security update for rubygem-rack
Description of the patch: rubygem-rack was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).
Patchnames: sdksp3-rubygem-rack-12182,sleslms13-rubygem-rack-12182
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Lifecycle Management Server 1.3:rubygem-rack-1.1.6-0.11.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.i586 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ia64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ppc64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "rubygem-rack was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp3-rubygem-rack-12182,sleslms13-rubygem-rack-12182",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1888-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:1888-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151888-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:1888-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-November/001658.html"
},
{
"category": "self",
"summary": "SUSE Bug 934797",
"url": "https://bugzilla.suse.com/934797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "Security update for rubygem-rack",
"tracking": {
"current_release_date": "2015-09-01T14:35:10Z",
"generator": {
"date": "2015-09-01T14:35:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:1888-1",
"initial_release_date": "2015-09-01T14:35:10Z",
"revision_history": [
{
"date": "2015-09-01T14:35:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1.1.6-0.11.2.i586",
"product": {
"name": "rubygem-rack-1.1.6-0.11.2.i586",
"product_id": "rubygem-rack-1.1.6-0.11.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1.1.6-0.11.2.ia64",
"product": {
"name": "rubygem-rack-1.1.6-0.11.2.ia64",
"product_id": "rubygem-rack-1.1.6-0.11.2.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1.1.6-0.11.2.ppc64",
"product": {
"name": "rubygem-rack-1.1.6-0.11.2.ppc64",
"product_id": "rubygem-rack-1.1.6-0.11.2.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1.1.6-0.11.2.s390x",
"product": {
"name": "rubygem-rack-1.1.6-0.11.2.s390x",
"product_id": "rubygem-rack-1.1.6-0.11.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rubygem-rack-1.1.6-0.11.2.x86_64",
"product": {
"name": "rubygem-rack-1.1.6-0.11.2.x86_64",
"product_id": "rubygem-rack-1.1.6-0.11.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Lifecycle Management Server 1.3",
"product": {
"name": "SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-slms:1.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.i586"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ia64"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ppc64"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.s390x"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.x86_64"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rack-1.1.6-0.11.2.x86_64 as component of SUSE Lifecycle Management Server 1.3",
"product_id": "SUSE Lifecycle Management Server 1.3:rubygem-rack-1.1.6-0.11.2.x86_64"
},
"product_reference": "rubygem-rack-1.1.6-0.11.2.x86_64",
"relates_to_product_reference": "SUSE Lifecycle Management Server 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Lifecycle Management Server 1.3:rubygem-rack-1.1.6-0.11.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Lifecycle Management Server 1.3:rubygem-rack-1.1.6-0.11.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-rack-1.1.6-0.11.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-09-01T14:35:10Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}
SUSE-SU-2015:2190-1
Vulnerability from csaf_suse - Published: 2015-12-03 14:46 - Updated: 2015-12-03 14:46
Summary
Security update for rubygem-rack-1_4
Severity
Moderate
Notes
Title of the patch: Security update for rubygem-rack-1_4
Description of the patch: rubygem-rack-1_4 was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).
Patchnames: SUSE-SLE-Module-Containers-12-2015-938,SUSE-Storage-1.0-2015-938,SUSE-Storage-2-2015-938
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 1.0:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Enterprise Storage 2:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack-1_4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "rubygem-rack-1_4 was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Containers-12-2015-938,SUSE-Storage-1.0-2015-938,SUSE-Storage-2-2015-938",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2190-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2190-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152190-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2190-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001716.html"
},
{
"category": "self",
"summary": "SUSE Bug 934797",
"url": "https://bugzilla.suse.com/934797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "Security update for rubygem-rack-1_4",
"tracking": {
"current_release_date": "2015-12-03T14:46:36Z",
"generator": {
"date": "2015-12-03T14:46:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2190-1",
"initial_release_date": "2015-12-03T14:46:36Z",
"revision_history": [
{
"date": "2015-12-03T14:46:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"product": {
"name": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"product_id": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 1.0",
"product": {
"name": "SUSE Enterprise Storage 1.0",
"product_id": "SUSE Enterprise Storage 1.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:1.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 2",
"product": {
"name": "SUSE Enterprise Storage 2",
"product_id": "SUSE Enterprise Storage 2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 as component of SUSE Enterprise Storage 1.0",
"product_id": "SUSE Enterprise Storage 1.0:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64 as component of SUSE Enterprise Storage 2",
"product_id": "SUSE Enterprise Storage 2:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 1.0:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"SUSE Enterprise Storage 2:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 1.0:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"SUSE Enterprise Storage 2:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64",
"SUSE Linux Enterprise Module for Containers 12:ruby2.1-rubygem-rack-1_4-1.4.5-8.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-03T14:46:36Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}
SUSE-SU-2015:2274-1
Vulnerability from csaf_suse - Published: 2015-12-15 20:27 - Updated: 2015-12-15 20:27
Summary
Security update for rubygem-rack
Severity
Moderate
Notes
Title of the patch: Security update for rubygem-rack
Description of the patch: rubygem-rack was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).
Patchnames: sleclo50sp3-rubygem-rack-12261
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE OpenStack Cloud 5:ruby2.1-rubygem-rack-1.5.2-9.6.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rubygem-rack",
"title": "Title of the patch"
},
{
"category": "description",
"text": "rubygem-rack was updated to fix one security issue.\n\nThis security issue was fixed:\n- CVE-2015-3225: Crafted requests could have caused a SystemStackError leading to Denial of Service (bsc#934797).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleclo50sp3-rubygem-rack-12261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2274-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2015:2274-1",
"url": "https://www.suse.com/support/update/announcement/2015/suse-su-20152274-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2015:2274-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-December/001734.html"
},
{
"category": "self",
"summary": "SUSE Bug 934797",
"url": "https://bugzilla.suse.com/934797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3225 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3225/"
}
],
"title": "Security update for rubygem-rack",
"tracking": {
"current_release_date": "2015-12-15T20:27:51Z",
"generator": {
"date": "2015-12-15T20:27:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2015:2274-1",
"initial_release_date": "2015-12-15T20:27:51Z",
"revision_history": [
{
"date": "2015-12-15T20:27:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.1-rubygem-rack-1.5.2-9.6.x86_64",
"product": {
"name": "ruby2.1-rubygem-rack-1.5.2-9.6.x86_64",
"product_id": "ruby2.1-rubygem-rack-1.5.2-9.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 5",
"product": {
"name": "SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:cloud:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.1-rubygem-rack-1.5.2-9.6.x86_64 as component of SUSE OpenStack Cloud 5",
"product_id": "SUSE OpenStack Cloud 5:ruby2.1-rubygem-rack-1.5.2-9.6.x86_64"
},
"product_reference": "ruby2.1-rubygem-rack-1.5.2-9.6.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3225"
}
],
"notes": [
{
"category": "general",
"text": "lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-rack-1.5.2-9.6.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3225",
"url": "https://www.suse.com/security/cve/CVE-2015-3225"
},
{
"category": "external",
"summary": "SUSE Bug 934797 for CVE-2015-3225",
"url": "https://bugzilla.suse.com/934797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE OpenStack Cloud 5:ruby2.1-rubygem-rack-1.5.2-9.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2015-12-15T20:27:51Z",
"details": "moderate"
}
],
"title": "CVE-2015-3225"
}
]
}