cvelist/2015/3xxx/CVE-2015-3227.json

{
    "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-3227",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "n/a",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "1033755",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1033755"
            },
            {
                "name": "75234",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/75234"
            },
            {
                "name": "[rubyonrails-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support",
                "refsource": "MLIST",
                "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"
            },
            {
                "name": "openSUSE-SU-2015:1279",
                "refsource": "SUSE",
                "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html"
            },
            {
                "name": "DSA-3464",
                "refsource": "DEBIAN",
                "url": "http://www.debian.org/security/2016/dsa-3464"
            },
            {
                "name": "[oss-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support",
                "refsource": "MLIST",
                "url": "http://openwall.com/lists/oss-security/2015/06/16/16"
            }
        ]
    }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 06:15:47 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "secalert@redhat.com",`
			`"ID": "CVE-2015-3227",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "n/a",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
"-Synchronized-Data." 2019-03-18 06:15:47 +00:00			`"lang": "eng",`
			`"value": "The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth."`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
"-Synchronized-Data." 2019-03-18 06:15:47 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "1033755",`
			`"refsource": "SECTRACK",`
			`"url": "http://www.securitytracker.com/id/1033755"`
			`},`
			`{`
			`"name": "75234",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/75234"`
			`},`
			`{`
			`"name": "[rubyonrails-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support",`
			`"refsource": "MLIST",`
			`"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J"`
			`},`
			`{`
			`"name": "openSUSE-SU-2015:1279",`
			`"refsource": "SUSE",`
			`"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html"`
			`},`
			`{`
			`"name": "DSA-3464",`
			`"refsource": "DEBIAN",`
			`"url": "http://www.debian.org/security/2016/dsa-3464"`
			`},`
			`{`
			`"name": "[oss-security] 20150616 [CVE-2015-3227] Possible Denial of Service attack in Active Support",`
			`"refsource": "MLIST",`
			`"url": "http://openwall.com/lists/oss-security/2015/06/16/16"`
			`}`
			`]`
			`}`
			`}`