CVE Vulnerabilities

CVE-2016-0751

Published: Feb 16, 2016 | Modified: Aug 08, 2019
CVSS 3.x: 7.5 HIGH
Source: NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Affected Software

Name Vendor Start Version End Version
Ruby_on_rails Rubyonrails 4.0.13 4.0.13
Ruby_on_rails Rubyonrails 4.0.12 4.0.12
Ruby_on_rails Rubyonrails 4.0.10 4.0.10
Ruby_on_rails Rubyonrails 4.0.11.1 4.0.11.1
Ruby_on_rails Rubyonrails 4.0.11 4.0.11
Ruby_on_rails Rubyonrails 4.1.11 4.1.11
Ruby_on_rails Rubyonrails * 3.2.22
Rails Rubyonrails 4.0.0 4.0.0
Rails Rubyonrails 4.0.1 4.0.1
Rails Rubyonrails 4.0.2 4.0.2
Rails Rubyonrails 4.0.6 4.0.6
Rails Rubyonrails 4.1.0 4.1.0
Rails Rubyonrails 4.1.2 4.1.2
Rails Rubyonrails 4.1.6 4.1.6
Rails Rubyonrails 4.1.9 4.1.9
Rails Rubyonrails 4.1.10 4.1.10
Rails Rubyonrails 4.1.12 4.1.12
Rails Rubyonrails 4.1.13 4.1.13
Rails Rubyonrails 4.2.0 4.2.0
Rails Rubyonrails 4.2.1 4.2.1
Rails Rubyonrails 4.2.3 4.2.3
Rails Rubyonrails 4.2.4 4.2.4
Rails Rubyonrails 4.2.5 4.2.5
Rails Rubyonrails 5.0.0 5.0.0
Rails Rubyonrails 4.0.7 4.0.7
Rails Rubyonrails 4.0.8 4.0.8
Rails Rubyonrails 4.0.9 4.0.9
Rails Rubyonrails 4.1.1 4.1.1
Rails Rubyonrails 4.1.3 4.1.3
Rails Rubyonrails 4.1.4 4.1.4
Rails Rubyonrails 4.1.5 4.1.5
Rails Rubyonrails 4.1.7 4.1.7
Rails Rubyonrails 4.1.8 4.1.8
Rails Rubyonrails 4.2.2 4.2.2
Rails Rubyonrails 4.0.4 4.0.4
Rails Rubyonrails 4.0.3 4.0.3
Rails Rubyonrails 4.0.5 4.0.5
Rails Rubyonrails 4.0.10 4.0.10

References