ID de Prueba:	1.3.6.1.4.1.25623.1.0.901184
Categoría:	Web application abuses
Título:	Ruby on Rails CSRF Vulnerability
Resumen:	Ruby on Rails is prone to cross-site request forgery (CSRF); vulnerabilities.
Descripción:	Summary: Ruby on Rails is prone to cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: The flaw is caused by input validation errors in the CSRF protection feature, which could allow attackers to conduct cross site request forgery attacks by using combinations of browser plugins and HTTP redirections. Vulnerability Impact: Successful exploitation will allow attackers to conduct cross site request forgery attacks by using combinations of browser plugins and HTTP redirections. Affected Software/OS: Ruby on Rails versions 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4. Solution: Upgrade to Ruby on Rails version 3.0.4 or 2.3.11. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0447 BugTraq ID: 46291 http://www.securityfocus.com/bid/46291 Debian Security Information: DSA-2247 (Google Search) http://www.debian.org/security/2011/dsa-2247 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain http://www.securitytracker.com/id?1025060 http://secunia.com/advisories/43274 http://secunia.com/advisories/43666 http://www.vupen.com/english/advisories/2011/0587 http://www.vupen.com/english/advisories/2011/0877
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.