Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-0751

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016012...
MLIST: [ruby-security-ann] 20...
BID: 81800
FEDORA: FEDORA-2016-94e71ee673
FEDORA: FEDORA-2016-f486068393
REDHAT: RHSA-2016:0296
SUSE: SUSE-SU-2016:1146
DEBIAN: DSA-3464
SUSE: openSUSE-SU-2016:0363
SUSE: openSUSE-SU-2016:0372
SECTRACK: 1034816

Launchpad.net

CVE 2016-0751

Related bugs

References