High severity7.5NVD Advisory· Published Feb 16, 2016· Updated Jun 17, 2026
CVE-2016-0751
CVE-2016-0751
Description
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
actionpackRubyGems | >= 4.2.0, < 4.2.5.1 | 4.2.5.1 |
actionpackRubyGems | < 3.2.22.1 | 3.2.22.1 |
actionpackRubyGems | >= 4.0.0, < 4.1.14.1 | 4.1.14.1 |
Affected products
86cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*+ 59 more
- cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*range: <=3.2.22
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*
- ghsa-coords18 versionspkg:gem/actionpackpkg:rpm/suse/libjansson&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/libjansson&distro=SUSE%20Studio%20Onsite%20Runner%201.3pkg:rpm/suse/portus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/qemu-ext2&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/qemu-ext2&distro=SUSE%20Studio%20Onsite%20Runner%201.3pkg:rpm/suse/rubygem-actionpack-3_2&distro=SUSE%20Lifecycle%20Management%20Server%201.3pkg:rpm/suse/rubygem-actionpack-3_2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/rubygem-actionpack-3_2&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/rubygem-actionpack-3_2&distro=SUSE%20WebYast%201.3pkg:rpm/suse/rubygem-actionpack-4_1&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/rubygem-actionpack-4_2&distro=SUSE%20Enterprise%20Storage%202.1pkg:rpm/suse/rubygem-bundler19&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/rubygem-bundler19&distro=SUSE%20Studio%20Onsite%20Runner%201.3pkg:rpm/suse/studio-help&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/studio-help&distro=SUSE%20Studio%20Onsite%20Runner%201.3pkg:rpm/suse/susestudio&distro=SUSE%20Studio%20Onsite%201.3pkg:rpm/suse/susestudio&distro=SUSE%20Studio%20Onsite%20Runner%201.3
>= 4.2.0, < 4.2.5.1+ 17 more
- (no CPE)range: >= 4.2.0, < 4.2.5.1
- (no CPE)range: < 2.2.1-0.9.11.6
- (no CPE)range: < 2.2.1-0.9.11.6
- (no CPE)range: < 2.0.3-2.4
- (no CPE)range: < 0.1.1-0.9.4.19
- (no CPE)range: < 0.1.1-0.9.4.19
- (no CPE)range: < 3.2.12-0.23.1
- (no CPE)range: < 3.2.12-0.23.1
- (no CPE)range: < 3.2.12-0.23.1
- (no CPE)range: < 3.2.12-0.23.1
- (no CPE)range: < 4.1.9-9.1
- (no CPE)range: < 4.2.2-6.1
- (no CPE)range: < 1.7.0-0.13.10
- (no CPE)range: < 1.7.0-0.13.10
- (no CPE)range: < 1.3.20-0.6.9
- (no CPE)range: < 1.3.20-0.6.9
- (no CPE)range: < 1.3.14-52.1
- (no CPE)range: < 1.3.14-52.1
Patches
Vulnerability mechanics
References
20- github.com/advisories/GHSA-ffpv-c4hm-3x6vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-0751ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.htmlnvdWEB
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00034.htmlnvdWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2016-0296.htmlnvdWEB
- www.debian.org/security/2016/dsa-3464nvdWEB
- www.openwall.com/lists/oss-security/2016/01/25/9nvdWEB
- github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17ghsaWEB
- github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6ghsaWEB
- github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0afghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.ymlghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/message/rawnvdWEB
- web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816ghsaWEB
- web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800ghsaWEB
- www.securityfocus.com/bid/81800nvd
- www.securitytracker.com/id/1034816nvd
News mentions
0No linked articles in our index yet.