Lucene search

[email protected]NVD:CVE-2016-0751

HistoryFeb 16, 2016 - 2:59 a.m.

CVE-2016-0751

2016-02-1602:59:05

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Affected configurations

NVD

Node

rubyonrailsrailsMatch4.0.0-

rubyonrailsrailsMatch4.0.0beta

rubyonrailsrailsMatch4.0.0rc1

rubyonrailsrailsMatch4.0.0rc2

rubyonrailsrailsMatch4.0.1-

rubyonrailsrailsMatch4.0.1rc1

rubyonrailsrailsMatch4.0.1rc2

rubyonrailsrailsMatch4.0.1rc3

rubyonrailsrailsMatch4.0.1rc4

rubyonrailsrailsMatch4.0.2

rubyonrailsrailsMatch4.0.3

rubyonrailsrailsMatch4.0.4

rubyonrailsrailsMatch4.0.5

rubyonrailsrailsMatch4.0.6

rubyonrailsrailsMatch4.0.6rc1

rubyonrailsrailsMatch4.0.6rc2

rubyonrailsrailsMatch4.0.6rc3

rubyonrailsrailsMatch4.0.7

rubyonrailsrailsMatch4.0.8

rubyonrailsrailsMatch4.0.9

rubyonrailsrailsMatch4.0.10

rubyonrailsrailsMatch4.0.10rc1

rubyonrailsrailsMatch4.1.0-

rubyonrailsrailsMatch4.1.0beta1

rubyonrailsrailsMatch4.1.1

rubyonrailsrailsMatch4.1.2

rubyonrailsrailsMatch4.1.2rc1

rubyonrailsrailsMatch4.1.2rc2

rubyonrailsrailsMatch4.1.2rc3

rubyonrailsrailsMatch4.1.3

rubyonrailsrailsMatch4.1.4

rubyonrailsrailsMatch4.1.5

rubyonrailsrailsMatch4.1.6rc1

rubyonrailsrailsMatch4.1.7

rubyonrailsrailsMatch4.1.8

rubyonrailsrailsMatch4.1.9

rubyonrailsrailsMatch4.1.10

rubyonrailsrailsMatch4.1.12

rubyonrailsrailsMatch4.1.13

rubyonrailsrailsMatch4.2.0beta1

rubyonrailsrailsMatch4.2.0beta2

rubyonrailsrailsMatch4.2.0beta3

rubyonrailsrailsMatch4.2.0beta4

rubyonrailsrailsMatch4.2.0rc1

rubyonrailsrailsMatch4.2.0rc2

rubyonrailsrailsMatch4.2.0rc3

rubyonrailsrailsMatch4.2.1

rubyonrailsrailsMatch4.2.1rc1

rubyonrailsrailsMatch4.2.1rc2

rubyonrailsrailsMatch4.2.1rc3

rubyonrailsrailsMatch4.2.1rc4

rubyonrailsrailsMatch4.2.2

rubyonrailsrailsMatch4.2.3

rubyonrailsrailsMatch4.2.3rc1

rubyonrailsrailsMatch4.2.4

rubyonrailsrailsMatch4.2.4rc1

rubyonrailsrailsMatch4.2.5

rubyonrailsrailsMatch4.2.5rc1

rubyonrailsrailsMatch4.2.5rc2

rubyonrailsrailsMatch5.0.0beta1

rubyonrailsruby_on_railsRange≤3.2.22

rubyonrailsruby_on_railsMatch4.0.10rc2

rubyonrailsruby_on_railsMatch4.0.11

rubyonrailsruby_on_railsMatch4.0.11.1

rubyonrailsruby_on_railsMatch4.0.12

rubyonrailsruby_on_railsMatch4.0.13

rubyonrailsruby_on_railsMatch4.0.13rc1

rubyonrailsruby_on_railsMatch4.1.11

References

lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

rhn.redhat.com/errata/RHSA-2016-0296.html

www.debian.org/security/2016/dsa-3464

www.openwall.com/lists/oss-security/2016/01/25/9

www.securityfocus.com/bid/81800

www.securitytracker.com/id/1034816

groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.4 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for NVD:CVE-2016-0751

debiancve1 osv2 prion1 cve1 github1 cvelist1 ubuntucve1 rubygems1 openvas9 apple2 nessus8 fedora3 debian2 redhat3 freebsd1 ibm1 suse1