CVE-2016-0751
high
CVSS v3
7.5
CVSS v2
5.0
VIR risk
7.5
Description
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-0751
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-0751.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 2:4.2.5.1-1 |
| debian | bullseye | fixed | 2:4.2.5.1-1 |
| debian | forky | fixed | 2:4.2.5.1-1 |
| debian | sid | fixed | 2:4.2.5.1-1 |
| debian | trixie | fixed | 2:4.2.5.1-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | actionpack | <>= 5.0.0.beta1.1 | >= 5.0.0.beta1.1 |
| RubyGems | actionpack | >=4.2.0,<4.2.5.1 | 4.2.5.1 |
| RubyGems | actionpack | <3.2.22.1 | 3.2.22.1 |
| RubyGems | actionpack | >=4.0.0,<4.1.14.1 | 4.1.14.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.2 | |
| rubyonrails | rails | 4.0.3 | |
| rubyonrails | rails | 4.0.4 | |
| rubyonrails | rails | 4.0.5 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.7 | |
| rubyonrails | rails | 4.0.8 | |
| rubyonrails | rails | 4.0.9 | |
| rubyonrails | rails | 4.0.10 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.1 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.3 | |
| rubyonrails | rails | 4.1.4 | |
| rubyonrails | rails | 4.1.5 | |
| rubyonrails | rails | 4.1.6 | |
| rubyonrails | rails | 4.1.7 | |
| rubyonrails | rails | 4.1.8 | |
| rubyonrails | rails | 4.1.9 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.12 | |
| rubyonrails | rails | 4.1.13 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.2 | |
| rubyonrails | rails | 4.2.3 | |
| rubyonrails | rails | 4.2.4 | |
| rubyonrails | rails | 4.2.5 | |
| rubyonrails | rails | 5.0.0 | |
| rubyonrails | ruby_on_rails | {"endIncluding":"3.2.22"} | |
| rubyonrails | ruby_on_rails | 4.0.10 | |
| rubyonrails | ruby_on_rails | 4.0.11 | |
| rubyonrails | ruby_on_rails | 4.0.11.1 | |
| rubyonrails | ruby_on_rails | 4.0.12 | |
| rubyonrails | ruby_on_rails | 4.0.13 | |
| rubyonrails | ruby_on_rails | 4.1.11 | |
References
- https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc
- https://www.suse.com/security/cve/CVE-2016-0751.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2016-0296.html
- http://www.debian.org/security/2016/dsa-3464
- http://www.openwall.com/lists/oss-security/2016/01/25/9
- http://www.securityfocus.com/bid/81800
- http://www.securitytracker.com/id/1034816
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
- https://nvd.nist.gov/vuln/detail/CVE-2016-0751
- https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17
- https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6
- https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml
- https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816
- https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800
- https://security-tracker.debian.org/tracker/CVE-2016-0751
CWEs
CWE-399
Verify integrity in audit chain (admin only). AS-IS.