Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Resource Management Errors Vulnerability - CVE-2016-0751 - Vulnerability Database
Ruby on Rails

Ruby on Rails Resource Management Errors Vulnerability - CVE-2016-0751

High
Reference: CVE-2016-0751
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0751
Title: Ruby on Rails Resource Management Errors Vulnerability
Overview:

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1 4.0.x and 4.1.x before 4.1.14.1 4.2.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.