vulnerability

OS X security update for Profile Manager (CVE-2016-0751)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Feb 15, 2016

Added

Mar 28, 2017

Modified

Mar 27, 2026

Description

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.

References

CVE-2016-0751
https://attackerkb.com/topics/CVE-2016-0751
EUVD-EUVD-2017-0226
http://support.apple.com/kb/HT207604
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-0226

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report