CVE-2016-0751
HIGHRuby on Rails <3.2.22.1, <4.0.x, <4.1.x<4.1.14.1, <4.2.x<4.2.5.1, <...
Title source: llmDescription
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
References (11)
Core 11
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
Mailing List mailing-list
x_refsource_mlist
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/81800
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034816
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/01/25/9
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3464
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0296.html
Scores
CVSS v3
7.5
EPSS
0.0890
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-399
Status
published
Products (27)
rubygems/actionpack
4.2.0 - 4.2.5.1RubyGems
rubyonrails/rails
4.0.0 (4 CPE variants)
rubyonrails/rails
4.0.1 (5 CPE variants)
rubyonrails/rails
4.0.2
rubyonrails/rails
4.0.3
rubyonrails/rails
4.0.4
rubyonrails/rails
4.0.5
rubyonrails/rails
4.0.6 (4 CPE variants)
rubyonrails/rails
4.0.7
rubyonrails/rails
4.0.8
... and 17 more
Published
Feb 16, 2016
Tracked Since
Feb 18, 2026