CVE-2016-0751
EUVD-2017-022616.02.2016, 02:59
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 4.0.0 |
| rubyonrails | rails | 4.0.0:beta |
| rubyonrails | rails | 4.0.0:rc1 |
| rubyonrails | rails | 4.0.0:rc2 |
| rubyonrails | rails | 4.0.1 |
| rubyonrails | rails | 4.0.1:rc1 |
| rubyonrails | rails | 4.0.1:rc2 |
| rubyonrails | rails | 4.0.1:rc3 |
| rubyonrails | rails | 4.0.1:rc4 |
| rubyonrails | rails | 4.0.2 |
| rubyonrails | rails | 4.0.3 |
| rubyonrails | rails | 4.0.4 |
| rubyonrails | rails | 4.0.5 |
| rubyonrails | rails | 4.0.6 |
| rubyonrails | rails | 4.0.6:rc1 |
| rubyonrails | rails | 4.0.6:rc2 |
| rubyonrails | rails | 4.0.6:rc3 |
| rubyonrails | rails | 4.0.7 |
| rubyonrails | rails | 4.0.8 |
| rubyonrails | rails | 4.0.9 |
| rubyonrails | rails | 4.0.10 |
| rubyonrails | rails | 4.0.10:rc1 |
| rubyonrails | rails | 4.1.0 |
| rubyonrails | rails | 4.1.0:beta1 |
| rubyonrails | rails | 4.1.1 |
| rubyonrails | rails | 4.1.2 |
| rubyonrails | rails | 4.1.2:rc1 |
| rubyonrails | rails | 4.1.2:rc2 |
| rubyonrails | rails | 4.1.2:rc3 |
| rubyonrails | rails | 4.1.3 |
| rubyonrails | rails | 4.1.4 |
| rubyonrails | rails | 4.1.5 |
| rubyonrails | rails | 4.1.6:rc1 |
| rubyonrails | rails | 4.1.7 |
| rubyonrails | rails | 4.1.8 |
| rubyonrails | rails | 4.1.9 |
| rubyonrails | rails | 4.1.10 |
| rubyonrails | rails | 4.1.12 |
| rubyonrails | rails | 4.1.13 |
| rubyonrails | rails | 4.2.0:beta1 |
| rubyonrails | rails | 4.2.0:beta2 |
| rubyonrails | rails | 4.2.0:beta3 |
| rubyonrails | rails | 4.2.0:beta4 |
| rubyonrails | rails | 4.2.0:rc1 |
| rubyonrails | rails | 4.2.0:rc2 |
| rubyonrails | rails | 4.2.0:rc3 |
| rubyonrails | rails | 4.2.1 |
| rubyonrails | rails | 4.2.1:rc1 |
| rubyonrails | rails | 4.2.1:rc2 |
| rubyonrails | rails | 4.2.1:rc3 |
| rubyonrails | rails | 4.2.1:rc4 |
| rubyonrails | rails | 4.2.2 |
| rubyonrails | rails | 4.2.3 |
| rubyonrails | rails | 4.2.3:rc1 |
| rubyonrails | rails | 4.2.4 |
| rubyonrails | rails | 4.2.4:rc1 |
| rubyonrails | rails | 4.2.5 |
| rubyonrails | rails | 4.2.5:rc1 |
| rubyonrails | rails | 4.2.5:rc2 |
| rubyonrails | rails | 5.0.0:beta1 |
| rubyonrails | ruby_on_rails | 𝑥 ≤ 3.2.22 |
| rubyonrails | ruby_on_rails | 4.0.10:rc2 |
| rubyonrails | ruby_on_rails | 4.0.11 |
| rubyonrails | ruby_on_rails | 4.0.11.1 |
| rubyonrails | ruby_on_rails | 4.0.12 |
| rubyonrails | ruby_on_rails | 4.0.13 |
| rubyonrails | ruby_on_rails | 4.0.13:rc1 |
| rubyonrails | ruby_on_rails | 4.1.11 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||||||
| ruby-actionpack-2.3 |
| ||||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||||
| ruby-activerecord-2.3 |
| ||||||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||||||
| ruby-activesupport-2.3 |
| ||||||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||||||
| ruby-rails-2.3 |
| ||||||||||||||||||||||
| ruby-rails-3.2 |
|
Common Weakness Enumeration
References