Summaryinfo

A vulnerability identified as problematic has been detected in rubygem-rack. This issue affects some unknown processing of the component Header Handler. This manipulation of the argument Content-Type causes denial of service. The identification of this vulnerability is CVE-2024-25126. There is no exploit available. You should upgrade the affected component. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability was found in rubygem-rack (Programming Language Software) (affected version not known). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component Header Handler. The manipulation of the argument Content-Type with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability.

The weakness was shared 02/23/2024. It is possible to read the advisory at bugzilla.redhat.com. This vulnerability is known as CVE-2024-25126 since 02/05/2024. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 207797 (ubuntu_linux USN-7036-1: Ubuntu 22.04 LTS : Rack vulnerabilities (USN-7036-1)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (207797). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Programming Language Software

Name

• rubygem-rack

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion