Test Kennung:	1.3.6.1.4.1.25623.1.0.809354
Kategorie:	Web application abuses
Titel:	Ruby on Rails Action View 'render' Directory Traversal Vulnerability (Windows)
Zusammenfassung:	This host is running Ruby on Rails and is; prone to directory traversal vulnerability.
Beschreibung:	Summary: This host is running Ruby on Rails and is prone to directory traversal vulnerability. Vulnerability Insight: The flaw is due to an improper validation of crafted requests to action view, one of the components of action pack. Vulnerability Impact: Successful exploitation will allow a remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method. Affected Software/OS: Ruby on Rails before 3.2.22.2, Ruby on Rails 4.x before 4.1.14.2 on Windows. Solution: Upgrade to Ruby on Rails 3.2.22.2 or 4.1.14.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	BugTraq ID: 83726 Common Vulnerability Exposure (CVE) ID: CVE-2016-2097 http://www.securityfocus.com/bid/83726 Debian Security Information: DSA-3509 (Google Search) http://www.debian.org/security/2016/dsa-3509 https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ http://www.securitytracker.com/id/1035122 SuSE Security Announcement: SUSE-SU-2016:0854 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html SuSE Security Announcement: SUSE-SU-2016:0967 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html SuSE Security Announcement: openSUSE-SU-2016:0835 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.