CVE-2013-6414

Опубликовано: 03 дек. 2013

Источник: redhat

CVSS2: 5

Описание

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
CloudForms Management Engine 5	ruby193-rubygem-actionpack	Will not fix
OpenShift Enterprise 1	ruby193-rubygem-actionpack	Will not fix
Red Hat OpenStack Platform 4	ruby193-rubygem-actionpack	Not affected
Red Hat Satellite 6	ruby193-rubygem-actionpack	Affected
Red Hat Software Collections	ror40-rubygem-actionpack	Not affected
Red Hat Subscription Asset Manager	rubygem-actionpack	Affected
OpenStack 3 for RHEL 6	ruby193-rubygem-actionpack	Fixed	RHSA-2014:0008	06.01.2014
Red Hat Software Collections for RHEL-6	ruby193-rubygem-actionpack	Fixed	RHSA-2013:1794	05.12.2013
Red Hat Subscription Asset Manager 1.4	katello	Fixed	RHSA-2014:1863	17.11.2014
Red Hat Subscription Asset Manager 1.4	ruby193-rubygem-actionmailer	Fixed	RHSA-2014:1863	17.11.2014