Уязвимость функции actionpack/lib/action_dispatch/routing/route_set.rb компонента Action Pack программной платформы Ruby on Rails связана с…

CVSS

5.0

Medium

EPSS

0.00

Published

2016-01-01

Updated

2016-01-01

Description

Уязвимость функции actionpack/lib/action_dispatch/routing/route_set.rb компонента Action Pack программной платформы Ruby on Rails связана с ошибками управления ресурсом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании (расходование памяти)

Affected products

Rails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on railsRails core team Ruby on rails

CVSS vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Timeline

2016-01-01

Published

2016-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked
ruby on rails	rails core team	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2015-7581

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7581@https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ@http://www.openwall.com/lists/oss-security/2016/01/25/16