VIR Vulnerability Intelligence Relay

CVE-2013-6414

medium
Published 2013-12-03 ยท Modified 2024-11-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.0

Description

actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

auxiliary_dos/http/rails_action_view rank 300
Ruby on Rails Action View MIME Memory Exhaustion
Source fetch failed: fetch_error โ€” view the original via the link above.

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 0
sid Fixed 0
forky Fixed 0
bullseye Fixed 0
bookworm Fixed 0

Package impact
EcosystemPackageVulnerableFixed
ruby RubyGemsactionpack!~> 2.3.0||<~> 3.2.16~> 3.2.16
ruby RubyGemsactionpack>=3.0.0,<3.2.163.2.16
ruby RubyGemsactionpack>=4.0.0,<4.0.24.0.2

Application impact
VendorProductVersionsFixed
rubyonrailsrails{"endIncluding":"4.0.1"}
rubyonrailsrails4.0.0
rubyonrailsrails4.0.1
rubyonrailsrails3.0.0
rubyonrailsrails3.0.1
rubyonrailsrails3.0.2
rubyonrailsrails3.0.3
rubyonrailsrails3.0.4
rubyonrailsrails3.0.5
rubyonrailsrails3.0.6
rubyonrailsrails3.0.7
rubyonrailsrails3.0.8
rubyonrailsrails3.0.9
rubyonrailsrails3.0.10
rubyonrailsrails3.0.11
rubyonrailsrails3.0.12
rubyonrailsrails3.0.13
rubyonrailsrails3.0.14
rubyonrailsrails3.0.16
rubyonrailsrails3.0.17
rubyonrailsrails3.0.18
rubyonrailsrails3.0.19
rubyonrailsrails3.0.20
rubyonrailsrails3.1.0
rubyonrailsrails3.1.1
rubyonrailsrails3.1.2
rubyonrailsrails3.1.3
rubyonrailsrails3.1.4
rubyonrailsrails3.1.5
rubyonrailsrails3.1.6
rubyonrailsrails3.1.7
rubyonrailsrails3.1.8
rubyonrailsrails3.1.9
rubyonrailsrails3.1.10
rubyonrailsrails3.2.0
rubyonrailsrails3.2.1
rubyonrailsrails3.2.2
rubyonrailsrails3.2.3
rubyonrailsrails3.2.4
rubyonrailsrails3.2.5
rubyonrailsrails3.2.6
rubyonrailsrails3.2.7
rubyonrailsrails3.2.8
rubyonrailsrails3.2.9
rubyonrailsrails3.2.10
rubyonrailsrails3.2.11
rubyonrailsrails3.2.12
rubyonrailsrails3.2.13
rubyonrailsruby_on_rails{"endIncluding":"3.2.15"}
rubyonrailsruby_on_rails3.0.4
rubyonrailsruby_on_rails3.1.11
rubyonrailsruby_on_rails3.2.14
rubyonrailsruby_on_rails3.2.15

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.