CVE-2015-7581 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-7581 Interim 1 16 2024-10-12T02:01:11Z current 2021-05-30T13:34:00Z 2024-10-12T02:01:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-7581 actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-February/001879.html E-Mail link for SUSE-SU-2016:0457-1 https://lists.suse.com/pipermail/sle-security-updates/2016-March/001964.html E-Mail link for SUSE-SU-2016:0858-1 https://lists.suse.com/pipermail/sle-security-updates/2016-April/002027.html E-Mail link for SUSE-SU-2016:1146-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 2.1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 portus portus-2.0.3-2.4 ruby2.1-rubygem-actionmailer-4_2 ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 rubygem-actionmailer-4_2 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 as a component of SUSE Enterprise Storage 2.1 portus-2.0.3-2.4 as a component of SUSE Linux Enterprise Module for Containers 12 ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 as a component of SUSE OpenStack Cloud 6 portus as a component of SUSE Linux Enterprise Module for Containers 12 ruby2.1-rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud 7 rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud 7 ruby2.1-rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-actionmailer-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route. CVE-2015-7581 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4 SUSE OpenStack Cloud 5:ruby2.1-rubygem-actionpack-4_1-4.1.9-9.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-actionpack-4_2-4.2.2-6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H