Lucene search

K

Redhat.comRH:CVE-2024-25126

HistoryFeb 23, 2024 - 3:01 a.m.

CVE-2024-25126

2024-02-2303:01:38

redhat.com

access.redhat.com

8

dos vulnerability

rubygem-rack

content-type parsing

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Content-Type. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability.

Mitigation

No mitigation is currently available for this vulnerability. The recommendation is to perform updates as soon as they are available.

References

bugzilla.redhat.com/show_bug.cgi?id=2265593

discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941

nvd.nist.gov/vuln/detail/CVE-2024-25126

www.cve.org/CVERecord?id=CVE-2024-25126

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

Related for RH:CVE-2024-25126

debiancve1 cvelist1 cve1 osv8 cgr1 wolfi1 veracode1 github1 prion1 nvd1 ubuntucve1 hackerone1 rubygems1 nessus19 redhat8 oraclelinux2 rocky1 openvas5 mageia1 amazon1 debian2 almalinux2 redos1 ubuntu1