CVE-2015-3227 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3227 Interim 1 17 2024-07-26T01:41:49Z current 2021-05-30T13:29:39Z 2024-07-26T01:41:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3227 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-January/001787.html E-Mail link for SUSE-SU-2016:0047-1 https://lists.suse.com/pipermail/sle-security-updates/2016-January/001792.html E-Mail link for SUSE-SU-2016:0082-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Lifecycle Management Server 1.3 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 SUSE Studio Onsite 1.3 SUSE WebYast 1.3 openSUSE Tumbleweed ruby2.1-rubygem-actionview-4_2 ruby2.1-rubygem-activesupport-4_1-4.1.9-9.2 ruby2.1-rubygem-activesupport-4_2-4.2.2-2.4 ruby2.2-rubygem-activesupport-4_2-4.2.7.1-1.1 ruby2.2-rubygem-activesupport-5_0-5.0.0.1-1.1 ruby2.2-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 ruby2.2-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 ruby2.3-rubygem-activesupport-4_2-4.2.7.1-1.1 ruby2.3-rubygem-activesupport-5_0-5.0.0.1-1.1 ruby2.3-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 ruby2.3-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 rubygem-actionview-4_2 rubygem-activesupport-3_2-3.2.12-0.14.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Lifecycle Management Server 1.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 ruby2.1-rubygem-activesupport-4_1-4.1.9-9.2 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-activesupport-4_2-4.2.2-2.4 as a component of SUSE OpenStack Cloud 6 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE Studio Onsite 1.3 rubygem-activesupport-3_2-3.2.12-0.14.3 as a component of SUSE WebYast 1.3 ruby2.2-rubygem-activesupport-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-activesupport-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-activesupport-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-activesupport-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.1-rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud 7 rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud 7 ruby2.1-rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-actionview-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. CVE-2015-3227 SUSE Lifecycle Management Server 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE Linux Enterprise Software Development Kit 11 SP3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE OpenStack Cloud 5:ruby2.1-rubygem-activesupport-4_1-4.1.9-9.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.2-2.4 SUSE Studio Onsite 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 SUSE WebYast 1.3:rubygem-activesupport-3_2-3.2.12-0.14.3 openSUSE Tumbleweed:ruby2.2-rubygem-activesupport-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-activesupport-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-activesupport-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-activesupport-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-activesupport-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-activesupport-doc-5_0-5.0.0.1-1.1 SUSE OpenStack Cloud 7:ruby2.1-rubygem-actionview-4_2 SUSE OpenStack Cloud 7:rubygem-actionview-4_2 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-actionview-4_2 SUSE OpenStack Cloud Crowbar 8:rubygem-actionview-4_2 SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-actionview-4_2 SUSE OpenStack Cloud Crowbar 9:rubygem-actionview-4_2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P