Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:WEB-CONSOLE-2015-3224
HistoryJun 15, 2015 - 9:00 p.m.

IP whitelist bypass in Web Console

2015-06-1521:00:00
RubySec
groups.google.com
8

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Specially crafted remote requests can spoof their origin, bypassing the IP whitelist, in any environment where Web Console is enabled (development and test, by default).

Users whose application is only accessible from localhost (as is the default behaviour in Rails 4.2) are not affected, unless a local proxy is involved.

All affected users should either upgrade or use one of the work arounds immediately.

To work around this issue, turn off web-console in all environments, by removing/commenting it from the applicationโ€™s Gemfile.

Affected configurations

Vulners
Node
rubyweb-consoleRangeโ‰ค2.1.3
VendorProductVersionCPE
rubyweb-console*cpe:2.3:a:ruby:web-console:*:*:*:*:*:*:*:*

Related

seebug 1
openvas 2
github 1
cve 1
nvd 1
nessus 2
nuclei 1
cvelist 1
osv 3
fedora 1
zdt 1
metasploit 1
prion 1
exploitdb 1
freebsd 1
seebug
seebug
Ruby on Rails Web Console IP ็™ฝๅๅ•ๅฎ‰ๅ…จๆจกๅผ็ป•่ฟ‡
2016-01-27 00:00:00
openvas
openvas
Fedora Update for rubygem-web-console FEDORA-2015-10128
2015-07-07 00:00:00
Ruby on Rails Web Console IP Whitelist Bypass RCE Vulnerability
2020-03-09 00:00:00
github
github
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-24 18:33:36
cve
cve
CVE-2015-3224
2015-07-26 22:59:03
nvd
nvd
CVE-2015-3224
2015-07-26 22:59:03
nessus
nessus
Fedora 22 : rubygem-web-console-2.1.3-1.fc22 (2015-10128)
2015-06-30 00:00:00
FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)
2015-06-18 00:00:00
nuclei
nuclei
Ruby on Rails Web Console - Remote Code Execution
2022-04-26 21:55:12
cvelist
cvelist
CVE-2015-3224
2015-07-26 22:00:00
osv
osv
ruby3.2-rubygem-web-console-4.2.0-1.9 on GA media
2024-06-15 00:00:00
ruby3.3-rubygem-web-console-4.2.1-1.5 on GA media
2024-07-12 00:00:00
Web Console (Ruby gem) contains whitelisted_ips bypass
2017-10-24 18:33:36
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-web-console-2.1.3-1.fc22
2015-06-30 00:01:25
zdt
zdt
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution Exploit
2017-03-23 00:00:00
metasploit
metasploit
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
2016-05-02 07:31:14
prion
prion
Cross site request forgery (csrf)
2015-07-26 22:59:00
exploitdb
exploitdb
Ruby on Rails 4.0.x/4.1.x/4.2.x (Web Console v2) - Whitelist Bypass Code Execution (Metasploit)
2015-06-16 00:00:00
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2015-06-16 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for RUBY:WEB-CONSOLE-2015-3224
seebug1openvas2github1cve1nvd1nessus2nuclei1cvelist1osv3fedora1zdt1metasploit1prion1exploitdb1freebsd1