CVE-2016-0751
Description
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
6.145
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-7576,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack 3.2.22.1 | Windows |
| Vulnerabilities CVE-2015-7576,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack 4.1.14.1 | Windows |
| Vulnerabilities CVE-2015-7581,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack 4.2.5.1 | Windows |
| Vulnerabilities CVE-2015-7576,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack for Linux 3.2.22.1 | Linux |
| Vulnerabilities CVE-2015-7576,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack for Linux 4.1.14.1 | Linux |
| Vulnerabilities CVE-2015-7581,CVE-2016-0751,CVE-2016-0752 are fixed in Ruby-actionpack for Linux 4.2.5.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234