CVE-2019-5419

Published Mar 27, 2019

Last updated a year ago

Overview

Description: There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Source: support@hackerone.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-770
support@hackerone.com: CWE-400

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF9998D1-8C7B-4402-930B-C370824D46AA",
            "versionEndExcluding": "4.2.11.1"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DCD16B7-B3E7-4EE4-B8B1-B25FBE75EFFF",
            "versionEndExcluding": "5.0.7.2",
            "versionStartIncluding": "5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF0BA3C0-E2A4-4FE1-B443-308B7EFA32F2",
            "versionEndExcluding": "5.1.6.2",
            "versionStartIncluding": "5.1.0"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F248A4DE-4B0C-4E4C-AB38-C08F90B197F8",
            "versionEndExcluding": "5.2.2.1",
            "versionStartIncluding": "5.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67F7263F-113D-4BAE-B8CB-86A61531A2AC"
          },
          {
            "criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References