Summary
The host is running Ruby on Rails, which is prone to an HTTP header injection (response splitting) vulnerability.
Impact
A successful attack lets a remote attacker inject arbitrary HTTP headers into a redirect response issued by the application. Depending on the client or intermediary that processes the split response, this can lead to execution of attacker-controlled HTML or script in the context of the affected application, and enables Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) and HTTP request smuggling attacks.
Impact Level: Application
Solution
Upgrade to Ruby on Rails 2.0.5 or later, or apply the upstream patch from
http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
*****
NOTE: Ignore this warning if the above patch has already been applied manually.
*****
Insight
The URL passed to the redirect_to() function is not sanitized for carriage-return and line-feed characters before it is written into the Location header of the HTTP response. A remote attacker who controls the redirect target (for example through a parameter the application echoes into redirect_to) can terminate the Location header early and append further headers or an entire response body of their choosing.
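The following is an added example, not code from the advisory or from Rails itself. It models the flaw with a minimal stand-in for a pre-2.0.5 redirect (vulnerable_redirect), shows how an injected CR/LF sequence is interpreted by a header parser, and pairs it with a hardened variant (safe_redirect) that rejects the value outright. The function names, the HeaderInjectionError class and the MALICIOUS input are all constructed for this illustration; the upstream commit's exact approach is not reproduced here.

```ruby
# Added example: simulates CR/LF injection through a redirect target and a
# hardened check. Not from the advisory or from Rails; all names are assumed.

CRLF = "\r\n"

# Simplified stand-in for a pre-2.0.5 redirect_to: the target URL is copied
# straight into the Location header without removing line breaks.
def vulnerable_redirect(location)
  "HTTP/1.1 302 Found" + CRLF +
    "Location: #{location}" + CRLF +
    "Content-Type: text/html" + CRLF + CRLF
end

# Raised by the hardened variant when the redirect target would split headers.
class HeaderInjectionError < StandardError; end

# Hardened variant: refuse any value containing header-terminating characters.
# Stripping them is another common fix; rejecting is the stricter choice here.
def safe_redirect(location)
  raise HeaderInjectionError, "CR/LF in redirect target" if location =~ /[\r\n]/
  vulnerable_redirect(location)
end

# Parse the raw response into its status line and a name => [values] hash so
# we can see which headers a browser or proxy would actually act on.
def parse_headers(raw)
  head, _body = raw.split(CRLF + CRLF, 2)
  status, *lines = head.split(CRLF)
  headers = lines.each_with_object({}) do |line, h|
    name, value = line.split(": ", 2)
    (h[name] ||= []) << value
  end
  [status, headers]
end

# Constructed attacker input: a plausible URL followed by an injected
# Set-Cookie header, a blank line, and an injected body.
MALICIOUS = "http://example.com/" + CRLF +
            "Set-Cookie: session=attacker" + CRLF + CRLF +
            "<script>alert(1)</script>"

if $PROGRAM_NAME == __FILE__
  _status, headers = parse_headers(vulnerable_redirect(MALICIOUS))
  puts "vulnerable: headers seen by the client = #{headers.keys.inspect}"
  begin
    safe_redirect(MALICIOUS)
  rescue HeaderInjectionError => e
    puts "hardened: rejected (#{e.message})"
  end
end
```

Running the script shows the injected Set-Cookie header being parsed as a genuine response header while the application's own Content-Type is pushed into the body; the hardened variant refuses the same input before any header is emitted.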
Affected
Ruby on Rails versions before 2.0.5 (this check is run against Linux hosts).
References
http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d
Severity
Medium (CVSS v2 base score 5.0)
Classification
CVE: CVE-2008-5189
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N