Summary
This host is running Ruby on Rails and is prone to a cross-site request forgery (CSRF) vulnerability.
Impact
Successful exploitation will allow attackers to conduct cross-site request forgery attacks by using combinations of browser plugins and HTTP redirections.
Impact Level: Application
Solution
Upgrade to Ruby on Rails version 3.0.4 or 2.3.11.
For updates refer to http://rubyonrails.org/download
Insight
The flaw is caused by input validation errors in the CSRF protection feature, which could allow attackers to conduct cross-site request forgery attacks by using combinations of browser plugins and HTTP redirections.
Affected
Ruby on Rails versions 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4
References
CVE: CVE-2011-0447
Severity
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P