26 matches found
CVE-2015-3225
CVE-2015-3225: Rack (lib/rack/utils.rb) before 1.5.4 and 1.6.x before 1.6.2 allows remote abuse via requests with very large parameter depth, causing SystemStackError DoS. Public references confirm this is a vulnerability in Rack used with Rails 3.x/4.x. Remediation in public advisories: upgrade ...
Possible Denial of Service
Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted...
[SECURITY] [DLA 254-1] librack-ruby security update
Package: librack-ruby. Version: 1.1.0-4+squeeze3. CVE ID: CVE-2015-3225. There is a potential denial of service vulnerability in Rack, a modular Ruby webserver interface. Carefully crafted requests can cause a SystemStackError and cause a denial of service attack by exploiting the lack of a...
Potential Denial of Service Vulnerability in Rack
Carefully crafted requests can cause a SystemStackError and potentially cause a denial of service attack. All users running an affected release should upgrade...
Possible Denial of Service attack in Active Support
Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted. All users running an affected...
Ruby on Rails: Denial of Service in Action Pack Exception Handling
Severity: Medium. Impact: Attackers can cause an application to be unreachable, causing a denial of service condition. Details: When a Rails application receives a request with either body or query parameters, these parameters are converted to a params hash. Hashes can be passed to the application in...