CVE-2013-6414

Ruby on Rails 3.x < 3.2.16 and 4.x < 4.0.2 - Denial of Service via Invalid MIME Type Header


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6414. PoCs published by Toby Hsieh, joev, sinn3r, including Metasploit module auxiliary/dos/http/rails_action_view.

AI-analyzed exploit summary: This Metasploit module exploits a Denial of Service (DoS) vulnerability in Ruby on Rails Action View by sending crafted HTTP requests with large 'Accept' headers to exhaust server memory. It targets versions 3.0.0 and later, fixed in 4.0.2 and 3.2.16.

Description

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

Exploits (1)

Metasploit module (working PoC, Ruby) by Toby Hsieh, joev, sinn3r
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/rails_action_view.rb

Classification
Working PoC: 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Ruby on Rails (3.0.0 and later, before 4.0.2/3.2.16)
Authentication: none needed
Prerequisites: Network access to the target Rails application · A controller action accessible via HTTP
Analyzed by devstral-2 on Feb 16, 2026

References (13)

Core References
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0008.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-1863.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-1794.html
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57836
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
Various Sources (x_refsource_confirm): https://puppet.com/security/cve/cve-2013-6414
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-2888

Scores

EPSS: 0.7084
EPSS Percentile: 98.7%

Details

CWE: CWE-20
Status: published
Products (22)
rubygems/actionpack 3.0.0 - 3.2.16 (RubyGems)
rubyonrails/rails 4.0.0 (4 CPE variants)
rubyonrails/rails 4.0.1 rc1
rubyonrails/rails 3.0.0 (7 CPE variants)
rubyonrails/rails 3.0.1 (2 CPE variants)
rubyonrails/rails 3.0.2 (2 CPE variants)
rubyonrails/rails 3.0.3
rubyonrails/rails 3.0.4 rc1
rubyonrails/rails 3.0.5 (2 CPE variants)
rubyonrails/rails 3.0.6 (3 CPE variants)
... and 12 more
Published: Dec 07, 2013
Tracked Since: Feb 18, 2026