Описание
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
A flaw was found in the way the Action Pack component performed MIME type lookups. Since queries were cached in a global cache of MIME types, an attacker could use this flaw to grow the cache indefinitely, potentially resulting in a denial of service.
Меры по смягчению последствий
Use following code to monkey-patch mime types cache and disable caching.
Alternatively perform filtering of mime types in the Accept header to allow only known types.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5.2 | ruby193-rubygem-actionpack | Will not fix | ||
| CloudForms Management Engine 5.3 | ruby193-rubygem-actionpack | Will not fix | ||
| Red Hat Subscription Asset Manager | ruby193-rubygem-actionpack | Will not fix | ||
| Red Hat Subscription Asset Manager | rubygem-actionpack | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionpack | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-actionview | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activemodel | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activerecord | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-ror41-rubygem-activesupport | Fixed | RHSA-2016:0296 | 24.02.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | ror40-rubygem-actionpack | Fixed | RHSA-2016:0454 | 15.03.2016 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Rub ...
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
Уязвимость программной платформы Ruby on Rails, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2