CVE-2015-3227

{"id": "CVE-2015-3227", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-26T22:59:06.070", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html", "source": "[email protected]"}, {"url": "http://openwall.com/lists/oss-security/2015/06/16/16", "source": "[email protected]"}, {"url": "http://www.debian.org/security/2016/dsa-3464", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/75234", "source": "[email protected]"}, {"url": "http://www.securitytracker.com/id/1033755", "source": "[email protected]"}, {"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2015/06/16/16", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2016/dsa-3464", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75234", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1033755", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."}, {"lang": "es", "value": "Vulnerabilidad en los componentes (1) jdom.rb y (2) rexml.rb en Active Support en Ruby on Rails en versiones anteriores a 4.1.11 y 4.2.x anteriores a 4.2.2, cuando JDOM o REXML est\u00e1 activado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (SystemStackError) a trav\u00e9s de un documento XML de gran tama\u00f1o."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B7A927B-7E18-44B5-9307-E602790F8AB7"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAB8D57F-9849-428C-B8E9-D0A1020728BB"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0359DA8-6B41-46C5-AA95-41B1B366DD4A"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "847B3C3D-8656-404D-A954-09C159EDC8E2"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65CA2D50-B33C-4088-BDDF-EB964C9A092C"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CADB5989-5260-4F60-ACF2-BEB6D7F97654"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9036E3C7-0AD5-489D-BCEE-31DFE13F5ADA"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "539C550D-FEDD-415E-95AE-40E1AE2BAF1A"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59C5B869-74FC-4051-A103-A721332B3CF2"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}