Summary
This host is running Ruby on Rails and is prone to a cross-site request forgery (CSRF) protection bypass vulnerability.
Impact
Successful exploitation allows an attacker to bypass the framework's CSRF protection and have a victim's browser submit forged non-GET requests (for example AJAX or API calls) to the application under the victim's session, by using combinations of browser plugins and HTTP redirections.
Impact Level: Application
Solution
Upgrade to Ruby on Rails version 3.0.4 (3.x installations) or 2.3.11 (2.x installations).
For updates refer to http://rubyonrails.org/download
Note that the fixed versions no longer exempt AJAX requests from the token check: every non-GET request, including AJAX and API calls, must carry the authenticity token, either as the form parameter or in the X-CSRF-Token header that the updated Rails JavaScript helpers send. A request that fails verification is passed to handle_unverified_request, which by default resets the session instead of raising ActionController::InvalidAuthenticityToken, so clients that relied on the old exemption will silently lose their session after the upgrade until they are updated to send the token.
Insight
The flaw is caused by input validation errors in the CSRF protection feature: affected versions skip the authenticity token check for any request that carries an X-Requested-With: XMLHttpRequest header, on the assumption that a browser never sends that header cross-site. Combinations of browser plugins and HTTP redirections let an attacker make the victim's browser issue such a request, so state-changing actions can be forged without knowing the token.
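The following is an added illustrative model of the verification logic described above, not Rails' own code. It reproduces the decision logic before and after the fix using a plain Struct and hashes (the Request stand-in, the secure_compare helper, the sample token and the three sample requests are all constructed for this example), so it runs without Rails installed.

```ruby
# Added illustrative model of the Rails CSRF check before and after the
# CVE-2011-0447 fix. This is NOT Rails' own code: it reproduces the decision
# logic with a plain Struct and hashes so it runs without Rails installed.

# Minimal stand-in for ActionDispatch::Request (constructed for this example).
Request = Struct.new(:http_method, :params, :headers) do
  def get?
    http_method == "GET"
  end

  # Mirrors request.xhr?: true when X-Requested-With says XMLHttpRequest.
  def xhr?
    headers["X-Requested-With"] == "XMLHttpRequest"
  end
end

# Constant-time string comparison so the token check leaks no timing signal.
def secure_compare(expected, given)
  return false if expected.nil? || given.nil?
  return false unless expected.bytesize == given.bytesize
  diff = 0
  expected.bytes.zip(given.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Vulnerable behaviour (before 2.3.11 / 3.0.4): a request carrying
# X-Requested-With: XMLHttpRequest is accepted without a token, on the
# assumption that a browser never sends that header cross-site. Plugins
# combined with HTTP redirects let an attacker violate that assumption.
def vulnerable_verified_request?(req, session_token)
  req.get? ||
    req.xhr? ||
    secure_compare(session_token, req.params["authenticity_token"])
end

# Fixed behaviour (2.3.11 / 3.0.4): the XHR exemption is gone. Every non-GET
# request must present the session's token, either as the form parameter or
# in the X-CSRF-Token header.
def fixed_verified_request?(req, session_token)
  req.get? ||
    secure_compare(session_token, req.params["authenticity_token"]) ||
    secure_compare(session_token, req.headers["X-CSRF-Token"])
end

# Constructed sample inputs.
SESSION_TOKEN = "c0ffee0123456789abcdef".freeze

# Forged cross-site POST: no token, only the header the attacker can inject.
FORGED_POST = Request.new("POST", {}, { "X-Requested-With" => "XMLHttpRequest" })

# Legitimate form submission with the token as a parameter.
FORM_POST = Request.new("POST", { "authenticity_token" => SESSION_TOKEN }, {})

# Legitimate AJAX call that sends the token in the X-CSRF-Token header.
AJAX_POST = Request.new("POST", {},
                        { "X-Requested-With" => "XMLHttpRequest",
                          "X-CSRF-Token" => SESSION_TOKEN })

# Returns [vulnerable_result, fixed_result] for each sample request.
def compare_checks(requests = [FORGED_POST, FORM_POST, AJAX_POST])
  requests.map do |r|
    [vulnerable_verified_request?(r, SESSION_TOKEN),
     fixed_verified_request?(r, SESSION_TOKEN)]
  end
end

if $PROGRAM_NAME == __FILE__
  %w[forged form ajax].zip(compare_checks).each do |name, (vuln, fixed)|
    puts "#{name.ljust(6)} vulnerable_accepts=#{vuln} fixed_accepts=#{fixed}"
  end
end
```

Running the script shows the forged POST accepted only by the vulnerable check, while the form submission and the header-carrying AJAX call pass both. GET requests remain exempt in both versions, which is why state-changing actions must never be reachable via GET.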
Affected
Ruby on Rails versions 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4
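As an added helper (not part of the advisory), the check below turns the affected ranges listed above into a version test using Gem::Version and Gem::Requirement, which ship with Ruby, so it runs without Rails installed. The range descriptions and sample version strings are constructed for this example.

```ruby
# Added helper (not part of the advisory): tells whether a Rails version string
# falls inside the affected ranges listed above. Gem::Version ships with Ruby,
# so this runs without Rails installed.

AFFECTED_RAILS = {
  "2.1.x, 2.2.x and 2.3.x before 2.3.11" => Gem::Requirement.new(">= 2.1.0", "< 2.3.11"),
  "3.x before 3.0.4"                       => Gem::Requirement.new(">= 3.0.0", "< 3.0.4"),
}.freeze

# Returns the matching range description, or nil when the version is not affected.
# Raises ArgumentError (from Gem::Version) on a malformed version string.
def affected_rails_range(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RAILS.find { |_, req| req.satisfied_by?(version) }&.first
end

def affected_rails_version?(version_string)
  !affected_rails_range(version_string).nil?
end

if $PROGRAM_NAME == __FILE__
  %w[2.2.2 2.3.10 2.3.11 3.0.3 3.0.4].each do |v|
    puts "#{v}: #{affected_rails_range(v) || 'not affected'}"
  end
end
```

Feed it the output of `rails -v` or the version pinned in Gemfile.lock; the boundary versions 2.3.11 and 3.0.4 are reported as not affected, matching the Solution section.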
References
CVE-2011-0447
Severity
CVSS Base Score: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P