CVE-2016-0751
REJECTED
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
EPSS 8.90% · 92.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | rails | 0, 2:4.1.10-1, 2:4.2.5-1 |
Exploit Intelligence
- [ruby-security-ann] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack (cve.org)
- [oss-security] 20160125 [CVE-2016-0751] Possible Object Leak and Denial of Service attack in Action Pack (cve.org)
- .bundler-audit.yml (github-poc)
…and 97 more exploits
Timeline
- Jan 25, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 1, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 16, 2025 EPSS Score
- Apr 20, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-0751 third-party-advisory
- https://marc.info/?l=oss-security&m=145375035828624&w=2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-0751 third-party-advisory