QID 357336
Date Published: 2024-03-19
QID 357336: Amazon Linux Security Advisory for pcs : ALAS2-2024-2492
A denial of service (dos) vulnerability was found in rubygem-rack in how it parses content-type.
Carefully crafted content type headers can cause rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability. (
( CVE-2024-25126) a denial of service (dos) vulnerability was found in rubygem-rack in how it parses range header.
Carefully crafted range headers can cause a server to respond with an unexpectedly large response.
Responding with such large responses could lead to a denial of service issue. (
( CVE-2024-26141) a denial of service (dos) vulnerability was found in rubygem-rack in how it parses rack header.
Carefully crafted headers can cause header parsing in rack to take longer than expected resulting in a possible denial of service issue.
Accept and forwarded headers are impacted. (
( CVE-2024-26146)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2024-2492 -
alas.aws.amazon.com/AL2/ALAS-2024-2492.html
CVEs related to QID 357336
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2024-2492 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALAS-2024-2492.html |