Description
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
Statement
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue did not affect the versions of rubygem-actionmailer as shipped with Red Hat Subscription Asset Manager 1 as they do not include support for sending email using user supplied addresses.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat OpenStack Platform 3 | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat OpenStack Platform 4 | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat Satellite 6 | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat Software Collections | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-actionmailer | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygem-actionmailer | Not affected | ||
| CloudForms Management Engine 5.4 | cfme | Fixed | RHBA-2015:1100 | 16.06.2015 |
| CloudForms Management Engine 5.4 | cfme-gemset | Fixed | RHBA-2015:1100 | 16.06.2015 |
| CloudForms Management Engine 5.4 | cfme-vnc-plugin | Fixed | RHBA-2015:1100 | 16.06.2015 |
Additional information
Status:
5 Medium
CVSS2
Related vulnerabilities
actionmailer email address processing causes Denial of service