Directory traversal in Ruby on Rails



Published: 2016-03-16
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2016-2097
CWE-ID CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ruby on Rails
Universal components / Libraries / Scripting languages

Vendor Rails

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Path traversal

EUVDB-ID: #VU8569

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-2097

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to improper input validation in Action View. A remote attacker can send a specially crafted request, containing directory traversal sequences (e.g. "../") and view contents of arbitrary file on vulnerable system.

The vulnerability exists due to incomplete fix of SB2016021701.

Mitigation

Update to version 3.2.22.2 or 4.1.14.2.

Vulnerable software versions

Ruby on Rails: 3.2.0 - 4.2.5 rc2


CPE2.3 External links

http://rubygems.org/gems/railslts-version/versions/3.2.22.2
http://access.redhat.com/errata/RHSA-2016:0454

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###