 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2015-3227 |
| Description: | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.1.2.2016.603 1.3.6.1.4.1.25623.1.0.807383 1.3.6.1.4.1.25623.1.0.807384 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-3227 BugTraq ID: 75234 http://www.securityfocus.com/bid/75234 Debian Security Information: DSA-3464 (Google Search) http://www.debian.org/security/2016/dsa-3464 http://openwall.com/lists/oss-security/2015/06/16/16 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J http://www.securitytracker.com/id/1033755 SuSE Security Announcement: openSUSE-SU-2015:1279 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html |