Описание
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 2.2.7-1 |
| esm-apps/bionic | released | 1.6.4-4ubuntu0.2+esm4 |
| esm-apps/focal | released | 2.0.7-2ubuntu0.1+esm3 |
| esm-apps/jammy | released | 2.1.4-5ubuntu1+esm3 |
| esm-apps/xenial | released | 1.6.4-3ubuntu0.2+esm4 |
| esm-infra-legacy/trusty | not-affected | 1.5.2-3+deb8u3ubuntu1~esm6 |
| focal | ignored | end of standard support, was needed |
| jammy | released | 2.1.4-5ubuntu1.1 |
| kinetic | ignored | end of life, was needed |
Показывать по
Ссылки на источники
7.5 High
CVSS3
Связанные уязвимости
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.
A denial of service vulnerability in the Range header parsing componen ...
Уязвимость компонента анализа заголовка Range модульного интерфейса между веб-серверами и веб-приложениями Rack, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3