Family: CGI abuses --> Category: mixed
Ruby on Rails Routing Denial of Service Vulnerability Scan
Vulnerability Scan Summary: Tries to hang Ruby on Rails
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by a code evaluation issue.
Description :
The remote web server appears to be using a version of Ruby on Rails,
an open-source web framework, whose routing code has a flaw that allows
Ruby code to be evaluated through a crafted URL.
Successful exploitation of this issue can hang the application (a denial
of service) or even result in data loss.
See also :
http://weblog.rubyonrails.com/2006/8/10/rails-1-1-6-backports-and-full-disclosure
Solution :
Either apply the appropriate patch referenced in the vendor advisory
above or upgrade to Ruby on Rails 1.1.6 or later.
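A version check against the fix level named above, as an added example that is not part of the scan plugin or of Rails: it reads the RAILS_GEM_VERSION pin that Rails 1.x applications carry in config/environment.rb and compares it with Gem::Version, so that 1.1.10 correctly sorts after 1.1.6 where a string comparison would not. The environment.rb fragment is constructed for the example.

```ruby
require "rubygems"

FIXED_VERSION = Gem::Version.new("1.1.6")

# Constructed config/environment.rb fragment in the form Rails 1.x generated,
# pinning the Rails gem the application boots with.
SAMPLE_ENVIRONMENT_RB = <<~RUBY
  # Be sure to restart your web server when you modify this file.
  RAILS_GEM_VERSION = '1.1.5' unless defined? RAILS_GEM_VERSION
  require File.join(File.dirname(__FILE__), 'boot')
RUBY

# Returns the pinned version string, or nil if the file does not pin one.
def pinned_rails_version(environment_rb)
  m = environment_rb.match(/^\s*RAILS_GEM_VERSION\s*=\s*['"]([^'"]+)['"]/)
  m && m[1]
end

# True when the version is older than the first fixed release.
# Gem::Version compares numerically per segment, so "1.1.10" > "1.1.6".
# Raises ArgumentError for strings that are not versions at all.
def vulnerable_version?(version_string)
  Gem::Version.new(version_string) < FIXED_VERSION
end

# Summarises one environment.rb: :vulnerable, :fixed, or :unknown when the
# pin is absent or unparseable.
def assess(environment_rb)
  v = pinned_rails_version(environment_rb)
  return { version: nil, status: :unknown } unless v
  { version: v, status: vulnerable_version?(v) ? :vulnerable : :fixed }
rescue ArgumentError
  { version: v, status: :unknown }
end

if __FILE__ == $PROGRAM_NAME
  p assess(SAMPLE_ENVIRONMENT_RB)   # {:version=>"1.1.5", :status=>:vulnerable}
end
```

A pinned 1.1.5 that had the vendor's patch applied is still reported as :vulnerable, because the patch does not change the version string; treat :vulnerable as "needs confirmation against the applied patch" rather than as proof.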
Threat Level:
High / CVSS Base Score: 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)