CVE-2015-3227

Опубликовано: 26 июл. 2015

Источник: ubuntu

Приоритет: low

EPSS Низкий

CVSS2: 5

Описание

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

Релиз	Статус	Примечание
artful	not-affected	2:4.2.5-1
bionic	not-affected	2:4.2.5-1
cosmic	not-affected	2:4.2.5-1
devel	not-affected	2:4.2.5-1
disco	not-affected	2:4.2.5-1
esm-apps/bionic	not-affected	2:4.2.5-1
esm-apps/xenial	not-affected	2:4.2.5-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [contains no code]]
precise	not-affected	contains no code
precise/esm	DNE	precise was not-affected [contains no code]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [4.0.2+dfsg-2]]
precise	DNE
precise/esm	DNE
trusty	not-affected	4.0.2+dfsg-2
trusty/esm	DNE	trusty was not-affected [4.0.2+dfsg-2]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
precise	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was needed

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2015-3227

EPSS

Процентиль: 85%

0.02683

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2015-3227

redhat

больше 10 лет назад

CVE-2015-3227

nvd

больше 10 лет назад

CVE-2015-3227

debian

больше 10 лет назад

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...

SUSE-SU-2016:0047-1

suse-cvrf

около 10 лет назад

Security update for rubygem-activesupport-3_2

GHSA-j96r-xvjq-r9pg

github

больше 8 лет назад

activesupport vulnerable to Denial of Service via large XML document depth

EPSS

Процентиль: 85%

0.02683

Низкий

5 Medium

CVSS2

CVE-2015-3227

Описание

Пакет rails

Пакет rails-4.0

Пакет ruby-actionpack-2.3

Пакет ruby-actionpack-3.2

Пакет ruby-activerecord-2.3

Пакет ruby-activerecord-3.2

Пакет ruby-activesupport-2.3

Пакет ruby-activesupport-3.2

Пакет ruby-rails-2.3

Пакет ruby-rails-3.2

Ссылки на источники

Связанные уязвимости