Denial of Service Vulnerability in Ruby on Rails Action View for MIME Type Handling
CVE-2014-0082

Currently unrated

Key Information:

CVE Published: 20 February 2014

What is CVE-2014-0082?

A vulnerability exists in the Action View component of Ruby on Rails versions below 3.2.17: MIME type strings are improperly converted to symbols when the :text option is used in the render method. This flaw allows remote attackers to cause a denial of service through excessive memory consumption by sending specially crafted strings in headers.

EPSS Score

6% chance of being exploited in the next 30 days.
