Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Ruby on Rails Resource Management Errors Vulnerability - CVE-2016-0751 - Vulnerability Database
Ruby on Rails

Ruby on Rails Resource Management Errors Vulnerability - CVE-2016-0751

High
Reference: CVE-2016-0751
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0751
Title: Ruby on Rails Resource Management Errors Vulnerability
Overview:

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1 4.0.x and 4.1.x before 4.1.14.1 4.2.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.