Back to bug 1232292
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Vasyl Kaigorodov | 2015-06-16 12:43:58 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2015-06-16 12:43:58 UTC | Doc Type | --- | Bug Fix |
| Vasyl Kaigorodov | 2015-06-16 12:45:19 UTC | Blocks | 1232293 | |
| Kurt Seifried | 2015-06-16 19:35:34 UTC | Whiteboard | impact=moderate,public=no,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected | impact=moderate,public=20160616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected |
| Kurt Seifried | 2015-06-16 19:36:55 UTC | Whiteboard | impact=moderate,public=20160616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected |
| Kurt Seifried | 2015-06-16 19:37:15 UTC | Summary | EMBARGOED CVE-2015-3225 rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params() | CVE-2015-3225 rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params() |
| Kurt Seifried | 2015-06-16 19:37:18 UTC | Group | security, qe_staff | |
| Salvatore Bonaccorso | 2015-06-16 20:42:56 UTC | CC | carnil | |
| Jan Pokorný [poki] | 2015-06-17 08:43:01 UTC | Depends On | 1232644 | |
| Ján Rusnačko | 2015-07-31 07:20:32 UTC | CC | jrusnack | |
| Ján Rusnačko | 2015-07-31 07:20:32 UTC | Fixed In Version | Rack 1.6.2, Rack 1.5.4 | rubygem-rack-1.6.2, rubygem-rack-1.5.4 |
| Ján Rusnačko | 2015-07-31 07:20:32 UTC | Doc Text | A flaw was found in a way Rack processed parameters of incoming requests. Attacker could exploit this flaw by sending a crafted request, that would cause application to crash and cause denial of service. | |
| Ján Rusnačko | 2015-07-31 07:20:32 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,cwe=CWE-400 |
| Ján Rusnačko | 2015-07-31 07:26:36 UTC | Depends On | 1248923 | |
| Ján Rusnačko | 2015-07-31 07:26:43 UTC | Depends On | 1248924 | |
| Ján Rusnačko | 2015-07-31 07:26:50 UTC | Depends On | 1248925 | |
| Ján Rusnačko | 2015-07-31 07:26:56 UTC | Depends On | 1248926 | |
| Ján Rusnačko | 2015-07-31 07:27:02 UTC | Depends On | 1248927 | |
| Ján Rusnačko | 2015-07-31 08:10:56 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,cwe=CWE-400 | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=affected,rhel-7/pcs=affected,cwe=CWE-400 |
| Ján Rusnačko | 2015-07-31 08:29:22 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=affected,rhel-7/pcs=affected,cwe=CWE-400 | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=wontfix,rhel-7/pcs=affected,cwe=CWE-400 |
| Ján Rusnačko | 2015-07-31 08:33:54 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=wontfix,rhel-7/pcs=affected,cwe=CWE-400 | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 |
| Ján Rusnačko | 2015-08-04 06:17:11 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 |
| Ján Rusnačko | 2015-08-04 06:17:54 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=wontfix |
| Ján Rusnačko | 2015-08-04 06:18:05 UTC | Status | NEW | CLOSED |
| Ján Rusnačko | 2015-08-04 06:18:05 UTC | Resolution | --- | WONTFIX |
| Ján Rusnačko | 2015-08-04 06:18:05 UTC | Last Closed | 2015-08-04 02:18:05 UTC | |
| Martin Prpič | 2015-08-17 14:09:10 UTC | Doc Text | A flaw was found in a way Rack processed parameters of incoming requests. Attacker could exploit this flaw by sending a crafted request, that would cause application to crash and cause denial of service. | A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash. |
| Joe Rafaniello | 2015-08-28 13:26:35 UTC | CC | jrafanie | |
| Huzaifa S. Sidhpurwala | 2015-09-30 16:04:20 UTC | Blocks | 1210268 | |
| Huzaifa S. Sidhpurwala | 2015-10-01 02:35:26 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=wontfix | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=affected |
| Perry Myers | 2016-04-27 00:52:57 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:33:32 UTC | Whiteboard | impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=affected |