CVE-2016-0751 - Resource Management Errors vulnerability in Rubyonrails Ruby on Rails

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, low complexity, rubyonrails, CWE-399, nessus

Summary

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

Vulnerable Configurations

Part | Description | Count
Application | Rubyonrails | 247

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_SERVER_5_3.NASL
    description: The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.3. It is, therefore, affected by the following vulnerabilities:
      - A denial of service vulnerability exists in the Apache HTTP server when handling a saturation of partial HTTP requests. An unauthenticated, remote attacker can exploit this to crash the daemon. (CVE-2007-6750)
      - A denial of service vulnerability exists in Action Pack in Ruby on Rails due to improper restrictions on the use of the MIME type cache when handling specially crafted HTTP accept headers. An unauthenticated, remote attacker can exploit this to cause the cache to grow indefinitely. (CVE-2016-0751)
      - An information disclosure vulnerability exists in the Wiki Server component due to improper checking of unspecified permissions. An unauthenticated, remote attacker can exploit this to enumerate users. (CVE-2017-2382)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99128
    published: 2017-03-31
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99128
    title: macOS : macOS Server < 5.3 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-159.NASL
    description: This update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 fixes the following issues:
      - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329)
      - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332)
      - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes (boo#963335)
      - CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331)
      - CVE-2016-0753: Input Validation Circumvention (boo#963334)
      - CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330)
    last seen: 2020-06-05
    modified: 2016-02-08
    plugin id: 88612
    published: 2016-02-08
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88612
    title: openSUSE Security Update : rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc (openSUSE-2016-159)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3464.NASL
    description: Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 88499
    published: 2016-02-01
    reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88499
    title: Debian DSA-3464-1 : rails - security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-160.NASL
    description: This update for rubygem-actionpack-3_2, rubygem-activesupport-3_2 fixes the following issues:
      - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo#963329)
      - CVE-2016-0752: directory traversal and information leak in Action View (boo#963332)
      - CVE-2016-0751: rubygem-actionpack: Object Leak DoS (boo#963331)
      - CVE-2015-7577: Nested attributes rejection proc bypass (boo#963330)
    last seen: 2020-06-05
    modified: 2016-02-08
    plugin id: 88613
    published: 2016-02-08
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88613
    title: openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BB0EF21D0E1B461BBC3D9CBA39948888.NASL
    description: Ruby on Rails blog : Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been released! These contain important security fixes, and it is recommended that users upgrade as soon as possible.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 88532
    published: 2016-02-03
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/88532
    title: FreeBSD : rails -- multiple vulnerabilities (bb0ef21d-0e1b-461b-bc3d-9cba39948888)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-604.NASL
    description: Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a web-flow and rendering framework and part of Rails:
      - CVE-2015-7576: A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing attack.
      - CVE-2016-0751: A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.
      - CVE-2016-0752: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the
    last seen: 2020-03-17
    modified: 2016-08-29
    plugin id: 93132
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93132
    title: Debian DLA-604-1 : ruby-actionpack-3.2 security update
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-94E71EE673.NASL
    description: Security fix for CVE-2015-7581 CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-03-04
    plugin id: 89583
    published: 2016-03-04
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89583
    title: Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-F486068393.NASL
    description: Security fix for CVE-2015-7581. Security fix for CVE-2016-0751. Security fix for CVE-2015-7576. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-03-04
    plugin id: 89640
    published: 2016-03-04
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89640
    title: Fedora 23 : rubygem-actionpack-4.2.3-4.fc23 (2016-f486068393)

Redhat

advisories
rhsa
id: RHSA-2016:0296
rpms
  • rh-ror41-rubygem-actionpack-1:4.1.5-3.el6
  • rh-ror41-rubygem-actionpack-1:4.1.5-3.el7
  • rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el6
  • rh-ror41-rubygem-actionpack-doc-1:4.1.5-3.el7
  • rh-ror41-rubygem-actionview-0:4.1.5-4.el6
  • rh-ror41-rubygem-actionview-0:4.1.5-4.el7
  • rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el6
  • rh-ror41-rubygem-actionview-doc-0:4.1.5-4.el7
  • rh-ror41-rubygem-activemodel-0:4.1.5-2.el6
  • rh-ror41-rubygem-activemodel-0:4.1.5-2.el7
  • rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el6
  • rh-ror41-rubygem-activemodel-doc-0:4.1.5-2.el7
  • rh-ror41-rubygem-activerecord-1:4.1.5-2.el6
  • rh-ror41-rubygem-activerecord-1:4.1.5-2.el7
  • rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el6
  • rh-ror41-rubygem-activerecord-doc-1:4.1.5-2.el7
  • rh-ror41-rubygem-activesupport-1:4.1.5-3.el6
  • rh-ror41-rubygem-activesupport-1:4.1.5-3.el7
  • ror40-rubygem-actionpack-1:4.0.2-7.el6
  • ror40-rubygem-actionpack-1:4.0.2-7.el7
  • ror40-rubygem-actionpack-doc-1:4.0.2-7.el6
  • ror40-rubygem-actionpack-doc-1:4.0.2-7.el7
  • ror40-rubygem-activerecord-1:4.0.2-6.el6
  • ror40-rubygem-activerecord-1:4.0.2-6.el7
  • ror40-rubygem-activerecord-doc-1:4.0.2-6.el6
  • ror40-rubygem-activerecord-doc-1:4.0.2-6.el7
  • ror40-rubygem-activesupport-1:4.0.2-4.el6
  • ror40-rubygem-activesupport-1:4.0.2-4.el7
  • ruby193-rubygem-actionpack-1:3.2.8-16.el6
  • ruby193-rubygem-actionpack-1:3.2.8-16.el7
  • ruby193-rubygem-actionpack-doc-1:3.2.8-16.el6
  • ruby193-rubygem-actionpack-doc-1:3.2.8-16.el7
  • ruby193-rubygem-activerecord-1:3.2.8-11.el6
  • ruby193-rubygem-activerecord-1:3.2.8-11.el7
  • ruby193-rubygem-activerecord-doc-1:3.2.8-11.el6
  • ruby193-rubygem-activerecord-doc-1:3.2.8-11.el7
  • ruby193-rubygem-activesupport-1:3.2.8-6.el6
  • ruby193-rubygem-activesupport-1:3.2.8-6.el7