CVE-2019-5419
rubygem-actionpack: denial of service vulnerability in Action View
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Hay una posible vulnerabilidad de denegación de servicio (DoS) en la vista de acción en Rails, en versiones anteriores a las 5.2.2.1, 5.1.6.2, 5.0.7.2 y 4.2.11.1 donde las cabeceras de aceptación especialmente manipuladas pueden provocar que dicha vista consuma el 100 % de la CPU y haga que el servidor deje de responder.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include database disclosure, denial of service, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-04 CVE Reserved
- 2019-03-27 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI | X_refsource_confirm | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/03/22/1 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | < 4.2.11.1 Search vendor "Rubyonrails" for product "Rails" and version " < 4.2.11.1" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | >= 5.0.0 < 5.0.7.2 Search vendor "Rubyonrails" for product "Rails" and version " >= 5.0.0 < 5.0.7.2" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | >= 5.1.0 < 5.1.6.2 Search vendor "Rubyonrails" for product "Rails" and version " >= 5.1.0 < 5.1.6.2" | - |
Affected
| ||||||
| Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | >= 5.2.0 < 5.2.2.1 Search vendor "Rubyonrails" for product "Rails" and version " >= 5.2.0 < 5.2.2.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.6 Search vendor "Redhat" for product "Cloudforms" and version "4.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms Search vendor "Redhat" for product "Cloudforms" | 4.7 Search vendor "Redhat" for product "Cloudforms" and version "4.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Software Collections Search vendor "Redhat" for product "Software Collections" | 1.0 Search vendor "Redhat" for product "Software Collections" and version "1.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||