ID CVE-2015-3227
Summary The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
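The summary describes a stack-exhaustion denial of service: a document with very deep element nesting drives a recursive XML-to-Hash conversion until Ruby raises SystemStackError. The Ruby below is an added example, not Active Support code and not the upstream fix. It shows the check a practitioner would want in front of any recursive tree walk: a non-recursive REXML stream listener that counts element depth and aborts the parse as soon as a limit is exceeded, so the recursive converter only ever sees bounded input. The names (DepthGuard, check_xml_depth, safe_xml_to_hash, nested_xml), the 100-level default, and the sample documents are assumptions constructed for illustration.

```ruby
require 'rexml/document'
require 'rexml/parsers/streamparser'
require 'rexml/streamlistener'

# Raised when a document nests elements deeper than the configured limit.
class XmlTooDeepError < StandardError; end

# Stream listener that tracks element depth only. It builds no tree and
# uses no recursion, so a hostile document costs O(1) stack regardless
# of how deep it nests. (Illustrative helper, not an Active Support API.)
class DepthGuard
  include REXML::StreamListener

  attr_reader :max_seen

  def initialize(limit)
    @limit = limit
    @depth = 0
    @max_seen = 0
  end

  def tag_start(_name, _attrs)
    @depth += 1
    @max_seen = @depth if @depth > @max_seen
    # Fail fast: the parse stops here, before the rest of the body is read.
    raise XmlTooDeepError, "element depth #{@depth} exceeds limit #{@limit}" if @depth > @limit
  end

  def tag_end(_name)
    @depth -= 1
  end
end

# Returns the maximum element nesting depth of +xml+, or raises
# XmlTooDeepError as soon as +limit+ is exceeded.
def check_xml_depth(xml, limit: 100)
  guard = DepthGuard.new(limit)
  REXML::Parsers::StreamParser.new(xml, guard).parse
  guard.max_seen
end

# Recursive element-to-Hash walk of the kind that is vulnerable on its own:
# each nesting level adds a Ruby stack frame.
def element_to_hash(el)
  children = el.elements.to_a
  value = children.empty? ? el.text.to_s.strip : children.map { |c| element_to_hash(c) }
  { el.name => value }
end

# Hardened entry point: bound the depth first, then recurse.
def safe_xml_to_hash(xml, limit: 100)
  check_xml_depth(xml, limit: limit)
  element_to_hash(REXML::Document.new(xml).root)
end

# Constructed sample: <a> nested +n+ times around a text node.
def nested_xml(n)
  ('<a>' * n) + 'x' + ('</a>' * n)
end

if __FILE__ == $PROGRAM_NAME
  p safe_xml_to_hash('<root><a>1</a><b>2</b></root>')
  begin
    safe_xml_to_hash(nested_xml(100_000))
  rescue XmlTooDeepError => e
    puts "rejected: #{e.message}"
  end
end
```

The guard runs the document through REXML's pull parser once before the tree is built; because the listener raises on the first element past the limit, a document nested a hundred thousand levels deep is rejected after about a hundred tags rather than after a full parse. Whatever limit you pick should sit well below the recursion depth at which the converter itself would raise SystemStackError, and the same pre-check belongs in front of any other recursive consumer of untrusted XML.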
References
Vulnerable Configurations
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2019 - 15:43)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 75234
debian DSA-3464
mlist
  • [oss-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support
  • [rubyonrails-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support
sectrack 1033755
suse openSUSE-SU-2015:1279
Last major update 08-08-2019 - 15:43
Published 26-07-2015 - 22:59
Last modified 08-08-2019 - 15:43