PT-2013-6037 · Ruby+1 · Ruby On Rails+1

Toby Hsieh

Published

2013-12-07

Updated

2019-08-08

CVE-2013-6414

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Action View in Ruby on Rails versions 3.x through 3.2.15 Action View in Ruby on Rails versions 4.x through 4.0.1

Description The issue allows remote attackers to cause a denial of service, resulting in memory consumption, via a header containing an invalid MIME type that leads to excessive caching. This occurs due to a problem in actionpack/lib/action view/lookup context.rb.

Recommendations For Action View in Ruby on Rails versions 3.x through 3.2.15, update to version 3.2.16 or later. For Action View in Ruby on Rails versions 4.x through 4.0.1, update to version 4.0.2 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-6414

DSA-2888-1

GHSA-MPXF-GCW2-PW5Q

RHSA-2013:1794

RHSA-2014:0008

Affected Products

Ruby On Rails

Suse

PT-2013-6037 · Ruby+1 · Ruby On Rails+1

CVE-2013-6414

Weakness Enumeration

Related Identifiers

Affected Products

References · 25