CVSS: 5.3EPSS: 6%CPEs: 7EXPL: 0CVE-2015-3225 – rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()
https://notcve.org/view.php?id=CVE-2015-3225
26 Jul 2015 — lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. Vulnerabilidad en lib/rack/utils.rb en Rack en versiones anteriores a 1.5.4 y 1.6.x anteriores a 1.6.2, tal como se utiliza con Ruby on Rails en versiones 3.x y 4.x y en otros productos, permite a atacantes remotos provocar una denegación de servicio (SystemStackError) a tr... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html • CWE-19: Data Processing Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2012-6109 – rubygem-rack: parsing Content-Disposition header DoS
https://notcve.org/view.php?id=CVE-2012-6109
01 Mar 2013 — lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. lib/rack/multipart.rb en Rack anterior a v1.1.4 anterior a v1.1.5, v1.2.x anterior a v1.2.6, v1.3.x anterior a v1.3.7, y v1.4.x anterior a v1.4.2, emplea incorrectamente las expresiones regulares lo que permite a atacantes remotos provocar una denegaci... • http://rack.github.com • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 1CVE-2011-5036 – Debian Security Advisory 2783-2
https://notcve.org/view.php?id=CVE-2011-5036
30 Dec 2011 — Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Rack anterior a v1.1.3, v1.2.x anterior a v1.2.5, v1.3.6 y v1.3.x calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remoto... • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html • CWE-310: Cryptographic Issues •