Lucene search

K
saintSAINT CorporationSAINT:CE3D4DD89AD93E07E9236060DF64D24F
HistoryNov 11, 2016 - 12:00 a.m.

Ruby on Rails Dynamic Render code execution

2016-11-1100:00:00
SAINT Corporation
my.saintcorporation.com
66

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.974 High

EPSS

Percentile

99.9%

Added: 11/11/2016
CVE: CVE-2016-0752
BID: 81801

Background

Ruby on Rails is a web application framework written in Ruby.

Problem

A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint users dynamic render paths.

Resolution

Upgrade to Ruby on Rails 3.2.22.1, 4.1.14.1, 4.2.5.1, or higher.

References

<https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/&gt;

Limitations

Exploit works on Linux. The **wget** program must exist on the target. The URL path to an endpoint which uses dynamic render paths must be specified.

Platforms

Linux

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.974 High

EPSS

Percentile

99.9%

Related for SAINT:CE3D4DD89AD93E07E9236060DF64D24F