Vulnerability in Rubyonrails Rails
CVE-2016-0751
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, wh…
EPSS: 0.089 (92.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Rubyonrails Rails — versions 4.0.0, 4.0.1, 4.0.2
- Rubyonrails Ruby_on_rails — versions 4.0.10, 4.0.11, 4.0.11.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- openSUSE-SU-2016:0372 (vendor-advisory, x_refsource_SUSE)
- openSUSE-SU-2016:0363 (vendor-advisory, x_refsource_SUSE)
- FEDORA-2016-94e71ee673 (x_refsource_FEDORA, vendor-advisory)
- [ruby-security-ann] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack (mailing-list, x_refsource_MLIST)
- FEDORA-2016-f486068393 (x_refsource_FEDORA, vendor-advisory)
- SUSE-SU-2016:1146 (vendor-advisory, x_refsource_SUSE)
- 81800 (vdb-entry, x_refsource_BID)
- 1034816 (vdb-entry, x_refsource_SECTRACK)
- [oss-security] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack (mailing-list, x_refsource_MLIST)
- DSA-3464 (vendor-advisory, x_refsource_DEBIAN)
Frequently asked questions
- What is CVE-2016-0751?
- CVE-2016-0751 is a high-severity vulnerability in Rubyonrails Rails, classified under CWE-399. CVSS score: 7.5/10. Published 2016-02-16.
- How severe is CVE-2016-0751?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2016-0751 known to be exploited?
- 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.