Vulnerability identifier: #VU8585
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 220.127.116.11, 4.0.x and 4.1.x before 18.104.22.168, 4.2.x before 22.214.171.124, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
Update to version 126.96.36.199, 188.8.131.52 or 184.108.40.206.
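The failure mode described above, an unrestricted lookup cache keyed on values taken from the Accept header, is shown here next to a bounded variant. This is an added example, not Rails source code; the class names, the registered-type table and the size limits are assumptions made for the sketch.

```ruby
# Added illustration, not Rails source; every name below is hypothetical.
REGISTERED = { "text/html" => :html, "application/json" => :json }.freeze

# Split an Accept header into bare media types, dropping parameters such as q-values.
def media_types(accept_header)
  accept_header.to_s.split(",")
               .map { |part| part.split(";").first.to_s.strip.downcase }
               .reject(&:empty?)
end

# Weak pattern: every string a client sends becomes a permanent cache key.
class UnboundedLookup
  attr_reader :cache
  def initialize; @cache = {}; end
  def lookup(type)
    @cache[type] ||= REGISTERED.fetch(type, :unknown)
  end
end

# Hardened pattern: unknown types are answered but never stored, and the header
# is size-capped before parsing, so the cache cannot exceed REGISTERED.size.
class BoundedLookup
  MAX_HEADER_BYTES = 1024 # assumed limit for this sketch
  MAX_TYPES = 16          # assumed limit for this sketch
  attr_reader :cache
  def initialize; @cache = {}; end
  def lookup(type)
    return :unknown unless REGISTERED.key?(type)
    @cache[type] ||= REGISTERED[type]
  end

  def negotiate(accept_header)
    return [] if accept_header.to_s.bytesize > MAX_HEADER_BYTES
    media_types(accept_header).first(MAX_TYPES).map { |t| lookup(t) }
  end
end

# Constructed traffic: each request's Accept header carries one never-seen type.
def cache_sizes_after(requests)
  weak = UnboundedLookup.new
  hard = BoundedLookup.new
  requests.times do |i|
    header = "text/html, application/x-constructed-#{i};q=0.5"
    media_types(header).each { |t| weak.lookup(t) }
    hard.negotiate(header)
  end
  [weak.cache.size, hard.cache.size]
end
```

The first cache grows by one entry per request while the second stays at the number of registered types it has served, which is the property to check for when reviewing any memoization keyed on request headers.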
Vulnerable software versions
Ruby on Rails: 3.1.0 - 4.2.5 rc2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?