Web application abuses : Ruby on Rails Logfile Injection Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801765

Categoría: Web application abuses

Título: Ruby on Rails Logfile Injection Vulnerability

Resumen: Ruby on Rails is prone to file injection vulnerability.

Descripción: Summary:
Ruby on Rails is prone to file injection vulnerability.

Vulnerability Insight:
The flaw is due to input validation error for the
'X-Forwarded-For' field in the header.

Vulnerability Impact:
Successful exploitation will allow attackers to inject arbitrary
data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery,
cross-site scripting, HTML-injection, and other attacks.

Affected Software/OS:
Ruby on Rails version 3.0.5.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-3187
20110216 Ruby on Rails Vulnerability
http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
[oss-security] 20110817 CVE request: ruby on rails flaws (4)
http://www.openwall.com/lists/oss-security/2011/08/17/1
[oss-security] 20110819 Re: CVE request: ruby on rails flaws (4)
http://www.openwall.com/lists/oss-security/2011/08/19/11
[oss-security] 20110820 Re: CVE request: ruby on rails flaws (4)
http://www.openwall.com/lists/oss-security/2011/08/20/1
[oss-security] 20110822 Re: CVE request: ruby on rails flaws (4)
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
https://bugzilla.novell.com/show_bug.cgi?id=673010

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801765
Categoría:	Web application abuses
Título:	Ruby on Rails Logfile Injection Vulnerability
Resumen:	Ruby on Rails is prone to file injection vulnerability.
Descripción:	Summary: Ruby on Rails is prone to file injection vulnerability. Vulnerability Insight: The flaw is due to input validation error for the 'X-Forwarded-For' field in the header. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary data into the affected HTTP header field, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTML-injection, and other attacks. Affected Software/OS: Ruby on Rails version 3.0.5. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3187 20110216 Ruby on Rails Vulnerability http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html [oss-security] 20110817 CVE request: ruby on rails flaws (4) http://www.openwall.com/lists/oss-security/2011/08/17/1 [oss-security] 20110819 Re: CVE request: ruby on rails flaws (4) http://www.openwall.com/lists/oss-security/2011/08/19/11 [oss-security] 20110820 Re: CVE request: ruby on rails flaws (4) http://www.openwall.com/lists/oss-security/2011/08/20/1 [oss-security] 20110822 Re: CVE request: ruby on rails flaws (4) http://www.openwall.com/lists/oss-security/2011/08/22/13 http://www.openwall.com/lists/oss-security/2011/08/22/14 http://www.openwall.com/lists/oss-security/2011/08/22/5 http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html https://bugzilla.novell.com/show_bug.cgi?id=673010
Copyright	Copyright (C) 2011 Greenbone AG