ID de Prueba:	1.3.6.1.4.1.25623.1.0.901187
Categoría:	Web application abuses
Título:	Ruby on Rails Security Bypass and SQL Injection Vulnerabilities
Resumen:	Ruby on Rails is prone to security bypass and SQL injection vulnerabilities.
Descripción:	Summary: Ruby on Rails is prone to security bypass and SQL injection vulnerabilities. Vulnerability Insight: - The filtering code does not properly work for case insensitive file systems, which can be exploited to bypass the filter by varying the case in certain action parameters. - Input passed to the 'limit()' function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and conduct SQL injection attacks. Affected Software/OS: Ruby on Rails versions 3.x before 3.0.4. Solution: Upgrade to Ruby on Rails version 3.0.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0448 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474 http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain http://securitytracker.com/id?1025063 http://secunia.com/advisories/43278 http://www.vupen.com/english/advisories/2011/0877 Common Vulnerability Exposure (CVE) ID: CVE-2011-0449 http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain http://securitytracker.com/id?1025061
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.