Описание
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the Rack::Utils.byte_ranges methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
A denial of service (DoS) vulnerability was found in rubygem-rack in how it parses Range Header. Carefully crafted range headers can cause a server to respond with an unexpectedly large response. Responding with large responses could lead to a denial of service issue.
Отчет
Red Hat rates this vulnerability as a Moderate impact as this requires a specifically crafted response.
Меры по смягчению последствий
No mitigation is currently available for this vulnerability. The recommendation is to perform updates as soon as they are available.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel8 | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Will not fix | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Fix deferred | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-zync-container | Will not fix | ||
| Red Hat Enterprise Linux 7 | pcs | Out of support scope | ||
| Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2024:2953 | 22.05.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | pcs | Fixed | RHSA-2024:2007 | 23.04.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | pcs | Fixed | RHSA-2024:2007 | 23.04.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | pcs | Fixed | RHSA-2024:2584 | 30.04.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | pcs | Fixed | RHSA-2024:2584 | 30.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
Rack is a modular Ruby web server interface. Carefully crafted Range h ...
Уязвимость интерфейса модуля Rack интерпретатора языка программирования Ruby, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3