DEBIAN-CVE-2016-0751

DEBIAN-CVE-2016-0751 PUBLISHED CVSS 7.5 HIGH

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	rails	0, 0, 0
Debian:12	rails	0, 0, 0
Debian:14	rails	0, 0, 0
Debian:13	rails	0, 0, 0

Timeline

Feb 16, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-0751 advisory

Open in Interactive Console →