UBUNTU-CVE-2016-0751
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-0751
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-0751.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-0751
- Related
- Published
- 2016-02-16T02:59:00Z
- Modified
- 2016-02-16T02:59:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
- References
Affected packages
Ubuntu:16.04:LTS / rails
Package
- Name
- rails
- Purl
- pkg:deb/ubuntu/rails@2:4.2.5.1-1?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:4.2.5.1-1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ruby-actionpack": "2:4.2.5.1-1",
"ruby-activesupport": "2:4.2.5.1-1",
"ruby-railties": "2:4.2.5.1-1",
"rails": "2:4.2.5.1-1",
"ruby-activerecord": "2:4.2.5.1-1",
"ruby-activemodel": "2:4.2.5.1-1",
"ruby-rails": "2:4.2.5.1-1",
"ruby-activejob": "2:4.2.5.1-1",
"ruby-actionview": "2:4.2.5.1-1",
"ruby-actionmailer": "2:4.2.5.1-1"
}
]
}