7 matches found
Exploit for Improper Access Control in Rubyonrails Web_Console
CVE-2015-3...
Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution
This module exploits an IP whitelist bypass vulnerability in the developer web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range. This module requires Metasploit:...
Ruby on Rails Web Console IP whitelist security-mode bypass
IP whitelist bypass in Web Console. There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All. Not affected: Environments inaccessible from remote IPs, or without Web Console enabled. Fixed Versions:...
CVE-2015-3224
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...
CVE-2015-3224
CVE-2015-3224 affects Ruby on Rails Web Console (Web Console) prior to 2.1.3 when used with Rails 3.x/4.x. The root cause is improper restriction of X-Forwarded-For headers, allowing remote bypass of the whitelisted_ips protection via a crafted request. Exploitation is demonstrated in public advi...
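The mechanism the two summaries above describe, as an added Ruby example that is not web-console's own code: a whitelist check that derives the client address from the X-Forwarded-For header (the shape an attacker can satisfy with a crafted request), beside a hardened form that anchors on REMOTE_ADDR, the TCP peer the client cannot forge, and only honours forwarded hops when the connection arrives from an explicitly trusted proxy. The whitelist networks, the proxy address and the Rack-style request hashes are constructed for this example and use documentation address ranges.

```ruby
require 'ipaddr'

# Constructed whitelist for this example (web-console's real default permits
# only loopback); 10.0.0.0/8 stands in for an internal developer network.
WHITELIST = %w[127.0.0.1 10.0.0.0/8].map { |cidr| IPAddr.new(cidr) }

# True when ip falls inside any of the given IPAddr networks.
def in_any?(ip, networks)
  addr = IPAddr.new(ip)
  networks.any? { |net| net.include?(addr) }
rescue IPAddr::InvalidAddressError
  false # garbage in the header is never a match
end

# Split X-Forwarded-For into its comma-separated hops, leftmost first.
def forwarded_hops(env)
  env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
end

# VULNERABLE shape: the client IP is taken from a header the client itself
# writes. A request carrying "X-Forwarded-For: 127.0.0.1" therefore passes the
# whitelist no matter where the TCP connection actually came from.
def naive_client_ip(env)
  forwarded_hops(env).first || env['REMOTE_ADDR']
end

# HARDENED shape: start at the TCP peer (REMOTE_ADDR) and walk the forwarded
# chain backwards only while each hop is a proxy we explicitly trust. The first
# untrusted hop is the client. With no trusted proxies configured the header is
# ignored entirely and the peer address is the answer.
def strict_client_ip(env, trusted_proxies: [])
  chain = forwarded_hops(env) + [env['REMOTE_ADDR']]
  chain.reverse_each { |ip| return ip unless in_any?(ip, trusted_proxies) }
  env['REMOTE_ADDR'] # every hop was a trusted proxy; fall back to the peer
end

def console_allowed?(env, strict:, trusted_proxies: [])
  ip = strict ? strict_client_ip(env, trusted_proxies: trusted_proxies) : naive_client_ip(env)
  in_any?(ip, WHITELIST)
end

# Constructed requests: attacker at 203.0.113.5 (TEST-NET-3) claiming to be
# loopback, a trusted reverse proxy at 192.0.2.10 (TEST-NET-1), and a
# legitimate developer at 10.1.2.3 behind that proxy.
ATTACK_DIRECT    = { 'REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1' }
PROXY            = [IPAddr.new('192.0.2.10')]
LEGIT_VIA_PROXY  = { 'REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '10.1.2.3' }
ATTACK_VIA_PROXY = { 'REMOTE_ADDR' => '192.0.2.10',
                     'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 203.0.113.5' }

if $PROGRAM_NAME == __FILE__
  puts "naive,  direct attack allowed?    #{console_allowed?(ATTACK_DIRECT, strict: false)}"  # true
  puts "strict, direct attack allowed?    #{console_allowed?(ATTACK_DIRECT, strict: true)}"   # false
  puts "strict, legit via proxy allowed?  #{console_allowed?(LEGIT_VIA_PROXY, strict: true, trusted_proxies: PROXY)}"  # true
  puts "strict, attack via proxy allowed? #{console_allowed?(ATTACK_VIA_PROXY, strict: true, trusted_proxies: PROXY)}" # false
end
```

The practitioner's check is the last two lines: a whitelist that is meant to gate a code-execution console is only as strong as the address it evaluates, so the proxy list must be the set of hosts that actually terminate client connections, and nothing the client sends may widen it. Note that the attacker who relays through the trusted proxy still lands on 203.0.113.5, because the walk stops at the first hop the proxy did not vouch for.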
FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)
Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...