V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2015-3225
DEB
Medium

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote att…

CVSS
4.3
Medium
EPSS
0.08
p93
Published
2015-01-01
Updated
2015-01-01
Description

lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.

Tags · CWE
CWE-19
CWE-400
CAPEC-147
CAPEC-227
CAPEC-492
Affected products
SoappySoappyCreaterepo_cCreaterepo_cFacterFacterGoferGoferHieraHieraKoboKoboLibrack-rubyLibstemmerLibstemmerLibwebsocketsLibwebsocketsLiquibaseLiquibaseMod_xsendfile
CVSS vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Timeline
2015-01-01
Published
2015-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: N
None (N)
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.078 · p93
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-227 · CWE-400
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
SOAPpyTracked
SOAPpyTracked
createrepo_cTracked
createrepo_cTracked
facterTracked
facterTracked
goferTracked
goferTracked
hieraTracked
hieraTracked
koboTracked
koboTracked
librack-rubyTracked
libstemmerTracked
libstemmerTracked
libwebsocketsTracked
libwebsocketsTracked
liquibaseTracked
liquibaseTracked
mod_xsendfileTracked
Showing first 20 of 411
Source databases
DEB
CVE
RED
UBU