Test ID: 1.3.6.1.4.1.25623.1.0.809356
Category: Web application abuses
Title: Ruby on Rails Multiple Vulnerabilities-01 Oct16 (Windows)
Summary: Ruby on Rails is prone to multiple vulnerabilities.
Description:
Summary:
Ruby on Rails is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Directory traversal vulnerability in Action View.

- The script 'actionpack/lib/action_dispatch/http/mime_type.rb' does not properly
restrict use of the MIME type cache.

- The http_basic_authenticate_with method in
'actionpack/lib/action_controller/metal/http_authentication.rb' does not use a
constant-time algorithm for verifying credentials.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to read arbitrary files
by leveraging an application's unrestricted use of the render method, and to
cause a denial of service.

Affected Software/OS:
Ruby on Rails before 3.2.22.1,
Ruby on Rails 4.0.x and 4.1.x before 4.1.14.1 and
Ruby on Rails 4.2.x before 4.2.5.1 on Windows.

Solution:
Upgrade to Ruby on Rails 3.2.22.1 or 4.1.14.1 or
4.2.5.1, or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-reference: BugTraq ID: 81801
BugTraq ID: 81800
BugTraq ID: 81803
Common Vulnerability Exposure (CVE) ID: CVE-2016-0752
http://www.securityfocus.com/bid/81801
Debian Security Information: DSA-3464
http://www.debian.org/security/2016/dsa-3464
https://www.exploit-db.com/exploits/40561/
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
http://www.openwall.com/lists/oss-security/2016/01/25/13
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
RedHat Security Advisories: RHSA-2016:0296
http://rhn.redhat.com/errata/RHSA-2016-0296.html
http://www.securitytracker.com/id/1034816
SuSE Security Announcement: SUSE-SU-2016:1146
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
SuSE Security Announcement: openSUSE-SU-2016:0363
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
SuSE Security Announcement: openSUSE-SU-2016:0372
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0751
http://www.securityfocus.com/bid/81800
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html
http://www.openwall.com/lists/oss-security/2016/01/25/9
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ
Common Vulnerability Exposure (CVE) ID: CVE-2015-7576
http://www.securityfocus.com/bid/81803
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
http://www.openwall.com/lists/oss-security/2016/01/25/8
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.