FreeBSD: VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9 (CVE-2023-27539): rack -- possible denial of service vulnerability in header parsing
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 13, 2023 | Mar 24, 2023 | Feb 18, 2025 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-2FDB053C-CA25-11ED-9D7E-080027F5FEC9:
ooooooo_q reports:
Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.
Solution(s)
- freebsd-upgrade-package-rubygem-rack
- freebsd-upgrade-package-rubygem-rack16
- freebsd-upgrade-package-rubygem-rack22