Test ID: | 1.3.6.1.4.1.25623.1.0.809354 |
Category: | Web application abuses |
Title: | Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Windows) |
Summary: | This host is running Ruby on Rails and is prone to a directory traversal vulnerability. |
Description: | Summary: This host is running Ruby on Rails and is prone to a directory traversal vulnerability. Vulnerability Insight: The flaw is due to improper validation of crafted requests to Action View, one of the components of Action Pack. Vulnerability Impact: Successful exploitation will allow remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method. Affected Software/OS: Ruby on Rails before 3.2.22.2, Ruby on Rails 4.x before 4.1.14.2 on Windows. Solution: Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Cross-reference: |
BugTraq ID: 83726
Common Vulnerability Exposure (CVE) ID: CVE-2016-2097
http://www.securityfocus.com/bid/83726
Debian Security Information: DSA-3509
http://www.debian.org/security/2016/dsa-3509
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
http://www.securitytracker.com/id/1035122
SuSE Security Announcement: SUSE-SU-2016:0854
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
SuSE Security Announcement: SUSE-SU-2016:0967
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
SuSE Security Announcement: openSUSE-SU-2016:0835
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |