Back to bug 1232292

Who When What Removed Added
Vasyl Kaigorodov 2015-06-16 12:43:58 UTC CC security-response-team
Red Hat Bugzilla 2015-06-16 12:43:58 UTC Doc Type --- Bug Fix
Vasyl Kaigorodov 2015-06-16 12:45:19 UTC Blocks 1232293
Kurt Seifried 2015-06-16 19:35:34 UTC Whiteboard impact=moderate,public=no,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected impact=moderate,public=20160616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected
Kurt Seifried 2015-06-16 19:36:55 UTC Whiteboard impact=moderate,public=20160616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected
Kurt Seifried 2015-06-16 19:37:15 UTC Summary EMBARGOED CVE-2015-3225 rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params() CVE-2015-3225 rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()
Kurt Seifried 2015-06-16 19:37:18 UTC Group security, qe_staff
Salvatore Bonaccorso 2015-06-16 20:42:56 UTC CC carnil
Jan Pokorný [poki] 2015-06-17 08:43:01 UTC Depends On 1232644
Ján Rusnačko 2015-07-31 07:20:32 UTC CC jrusnack
Fixed In Version Rack 1.6.2, Rack 1.5.4 rubygem-rack-1.6.2, rubygem-rack-1.5.4
Doc Text A flaw was found in a way Rack processed parameters of incoming requests. Attacker could exploit this flaw by sending a crafted request, that would cause application to crash and cause denial of service.
Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,cwe=CWE-400
Ján Rusnačko 2015-07-31 07:26:36 UTC Depends On 1248923
Ján Rusnačko 2015-07-31 07:26:43 UTC Depends On 1248924
Ján Rusnačko 2015-07-31 07:26:50 UTC Depends On 1248925
Ján Rusnačko 2015-07-31 07:26:56 UTC Depends On 1248926
Ján Rusnačko 2015-07-31 07:27:02 UTC Depends On 1248927
Ján Rusnačko 2015-07-31 08:10:56 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,cwe=CWE-400 impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=affected,rhel-7/pcs=affected,cwe=CWE-400
Ján Rusnačko 2015-07-31 08:29:22 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=affected,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=affected,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=affected,rhscl-2/ruby193-rubygem-rack=affected,rhscl-2/rh-ror41-rubygem-rack=affected,openstack-foreman/rubygem-rack=affected,openshift-enterprise-2/rubygem-rack=affected,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=affected,rhel-7/pcs=affected,cwe=CWE-400 impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=wontfix,rhel-7/pcs=affected,cwe=CWE-400
Ján Rusnačko 2015-07-31 08:33:54 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-6/pcs=wontfix,rhel-7/pcs=affected,cwe=CWE-400 impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400
Ján Rusnačko 2015-08-04 06:17:11 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=affected,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400
Ján Rusnačko 2015-08-04 06:17:54 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=affected,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=affected,openshift-1/ruby193-rubygem-rack=affected,rhel-7/pcs=affected,cwe=CWE-400 impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=wontfix
Ján Rusnačko 2015-08-04 06:18:05 UTC Status NEW CLOSED
Resolution --- WONTFIX
Last Closed 2015-08-04 02:18:05 UTC
Martin Prpič 2015-08-17 14:09:10 UTC Doc Text A flaw was found in a way Rack processed parameters of incoming requests. Attacker could exploit this flaw by sending a crafted request, that would cause application to crash and cause denial of service. A flaw was found in a way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
Joe Rafaniello 2015-08-28 13:26:35 UTC CC jrafanie
Huzaifa S. Sidhpurwala 2015-09-30 16:04:20 UTC Blocks 1210268
Huzaifa S. Sidhpurwala 2015-10-01 02:35:26 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=wontfix impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=affected
Perry Myers 2016-04-27 00:52:57 UTC CC pmyers
Product Security DevOps Team 2019-09-29 13:33:32 UTC Whiteboard impact=moderate,public=20150616,reported=20150610,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-400,fedora-all/rubygem-rack=affected,epel-all/rubygem-rack=affected,mrg-2/rubygem-rack=wontfix,rhn_satellite_6/rubygem-rack=wontfix,sam-1/rubygem-rack=wontfix,cfme-5/ruby193-rubygem-rack=wontfix,rhscl-2/ror40-rubygem-rack=wontfix,rhscl-2/ruby193-rubygem-rack=wontfix,rhscl-2/rh-ror41-rubygem-rack=wontfix,openstack-foreman/rubygem-rack=wontfix,openshift-enterprise-2/rubygem-rack=wontfix,openshift-1/rubygem-rack=wontfix,openshift-1/ruby193-rubygem-rack=wontfix,rhel-7/pcs=affected
