CVE-2016-0751

Published: Feb 16, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Affected (68)

Products: Rubyonrails: Rails, Ruby On Rails

Rubyonrails

2 products

Rails

Ruby On Rails

Configuration A

68 vulnerable

Vulnerable Software	Affected Versions
Rubyonrails Rails	Version 4.0.0
Rubyonrails Rails	Version 4.0.0 beta
Rubyonrails Rails	Version 4.0.0 rc1
Rubyonrails Rails	Version 4.0.0 rc2
Rubyonrails Rails	Version 4.0.10
Rubyonrails Rails	Version 4.0.10 rc1
Rubyonrails Rails	Version 4.0.1
Rubyonrails Rails	Version 4.0.1 rc1
Rubyonrails Rails	Version 4.0.1 rc2
Rubyonrails Rails	Version 4.0.1 rc3
Rubyonrails Rails	Version 4.0.1 rc4
Rubyonrails Rails	Version 4.0.2
Rubyonrails Rails	Version 4.0.3
Rubyonrails Rails	Version 4.0.4
Rubyonrails Rails	Version 4.0.5
Rubyonrails Rails	Version 4.0.6
Rubyonrails Rails	Version 4.0.6 rc1
Rubyonrails Rails	Version 4.0.6 rc2
Rubyonrails Rails	Version 4.0.6 rc3
Rubyonrails Rails	Version 4.0.7
Rubyonrails Rails	Version 4.0.8
Rubyonrails Rails	Version 4.0.9
Rubyonrails Rails	Version 4.1.0
Rubyonrails Rails	Version 4.1.0 beta1
Rubyonrails Rails	Version 4.1.10
Rubyonrails Rails	Version 4.1.12
Rubyonrails Rails	Version 4.1.13
Rubyonrails Rails	Version 4.1.1
Rubyonrails Rails	Version 4.1.2
Rubyonrails Rails	Version 4.1.2 rc1
Rubyonrails Rails	Version 4.1.2 rc2
Rubyonrails Rails	Version 4.1.2 rc3
Rubyonrails Rails	Version 4.1.3
Rubyonrails Rails	Version 4.1.4
Rubyonrails Rails	Version 4.1.5
Rubyonrails Rails	Version 4.1.6 rc1
Rubyonrails Rails	Version 4.1.7
Rubyonrails Rails	Version 4.1.8
Rubyonrails Rails	Version 4.1.9
Rubyonrails Rails	Version 4.2.0 beta1
Rubyonrails Rails	Version 4.2.0 beta2
Rubyonrails Rails	Version 4.2.0 beta3
Rubyonrails Rails	Version 4.2.0 beta4
Rubyonrails Rails	Version 4.2.0 rc1
Rubyonrails Rails	Version 4.2.0 rc2
Rubyonrails Rails	Version 4.2.0 rc3
Rubyonrails Rails	Version 4.2.1
Rubyonrails Rails	Version 4.2.1 rc1
Rubyonrails Rails	Version 4.2.1 rc2
Rubyonrails Rails	Version 4.2.1 rc3
Rubyonrails Rails	Version 4.2.1 rc4
Rubyonrails Rails	Version 4.2.2
Rubyonrails Rails	Version 4.2.3
Rubyonrails Rails	Version 4.2.3 rc1
Rubyonrails Rails	Version 4.2.4
Rubyonrails Rails	Version 4.2.4 rc1
Rubyonrails Rails	Version 4.2.5
Rubyonrails Rails	Version 4.2.5 rc1
Rubyonrails Rails	Version 4.2.5 rc2
Rubyonrails Rails	Version 5.0.0 beta1
Rubyonrails Ruby On Rails	Up to 3.2.22
Rubyonrails Ruby On Rails	Version 4.0.10 rc2
Rubyonrails Ruby On Rails	Version 4.0.11.1
Rubyonrails Ruby On Rails	Version 4.0.11
Rubyonrails Ruby On Rails	Version 4.0.12
Rubyonrails Ruby On Rails	Version 4.0.13
Rubyonrails Ruby On Rails	Version 4.0.13 rc1
Rubyonrails Ruby On Rails	Version 4.1.11