CVE-2016-0751

Published: 16/02/2016 Updated: 08/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails prior to 3.2.22.1, 4.0.x and 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote malicious users to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Affected Products

Vendor        Product         Versions
Rubyonrails   Rails           4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.12, 4.1.13, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 5.0.0
Rubyonrails   Ruby On Rails   3.2.22, 4.0.10, 4.0.11, 4.0.11.1, 4.0.12, 4.0.13, 4.1.11

Vendor Advisories

A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see the Apple Product Security page. You can encrypt ...
Debian Bug report logs - #790486 rails: CVE-2015-3226: XSS in ActiveSupport::JSON.encode. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jun 2015 18:36:01 UTC; Sever ...
Debian Bug report logs - #790487 rails: CVE-2015-3227: Possible Denial of Service attack in Active Support. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jun 2015 1 ...
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1. For the unstable distribution ( ...
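The cache-growth pattern described in the summary and in the first vendor advisory above, as an added illustration that is not Rails' own Mime::Type code: a constructed, simplified lookup that memoizes every raw Accept value (unbounded) beside one that retains only registered types (bounded), fed the same constructed batch of Accept headers.

```ruby
require 'set'

# Simplified model of a global MIME lookup cache (constructed for illustration).
# Every lookup is memoized, including unknown strings, so each distinct
# client-supplied Accept value becomes a permanent entry in process memory.
class UnboundedMimeLookup
  def initialize(registered)
    @registered = Set.new(registered)
    @cache = {} # keyed by the raw media type string taken from the header
  end

  def lookup(type)
    @cache[type] ||= { name: type, registered: @registered.include?(type) }
  end

  def cache_size
    @cache.size
  end
end

# Hardened variant: only registered types are memoized. Unknown strings get a
# transient object that is not retained, so the cache cannot grow past the
# registered set no matter how many distinct values clients send.
class BoundedMimeLookup
  def initialize(registered)
    @registered = Set.new(registered)
    @cache = {}
  end

  def lookup(type)
    return @cache[type] ||= { name: type, registered: true } if @registered.include?(type)
    { name: type, registered: false }
  end

  def cache_size
    @cache.size
  end
end

# Run each media type from a batch of Accept header values through a lookup
# implementation, as a request handler would, and return the resulting cache size.
def cache_growth(lookup, accept_values)
  accept_values.each { |v| v.split(',').map(&:strip).each { |t| lookup.lookup(t) } }
  lookup.cache_size
end

REGISTERED = %w[text/html application/json application/xml].freeze
# Constructed sample: two legitimate headers plus 1000 unique unknown media types.
SAMPLE_ACCEPTS = ['text/html,application/xml', 'application/json'] +
                 (1..1000).map { |i| "application/x-unknown-#{i}" }

puts "unbounded cache entries: #{cache_growth(UnboundedMimeLookup.new(REGISTERED), SAMPLE_ACCEPTS)}"
puts "bounded cache entries:   #{cache_growth(BoundedMimeLookup.new(REGISTERED), SAMPLE_ACCEPTS)}"
```

A useful operational check is to watch the size of such caches (or process RSS) under a stream of requests with varied Accept headers; a cache that tracks the number of distinct header values rather than the number of registered types is the signature of this class of bug.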

Github Repositories

go-cve-dictionary: This is a tool to build a local copy of the NVD (National Vulnerabilities Database) [1] and the Japanese JVN [2], which contain security vulnerabilities according to their CVE identifiers [3], including exhaustive information and a risk score. The local copy is generated in sqlite format, and the tool has a server mode for easy querying. [1] en.wikipedia

Ruby Advisory Database: The Ruby Advisory Database is a community effort to compile all security advisories that are relevant to Ruby libraries. You can check your own Gemfile.locks against this database by using bundler-audit. Support Ruby security! Do you know about a vulnerability that isn't listed in this database? Open an issue, submit a PR, or use this form which will