Denial of Service in Action View of Ruby on Rails
CVE-2013-6414

Currently unrated

Key Information:

CVE Published: 7 December 2013

What is CVE-2013-6414?

A vulnerability in Action View of Ruby on Rails allows remote attackers to trigger excessive memory consumption by sending a header with an invalid MIME type, which leads to excessive caching. The resulting memory exhaustion is a denial of service that affects the availability of the application. Users running affected versions should apply the necessary updates to mitigate the risks associated with this vulnerability.

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
