Summary
This host is running Ruby on Rails and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow attackers to manipulate arbitrary records.
Impact Level: Application
Solution
Upgrade to Ruby On Rails version 3.0.1 or 2.3.10
For updates refer to http://rubyonrails.org/download
Insight
The flaw is due to an input validation error when handling nested attributes, which can be exploited to manipulate arbitrary records by changing form input parameter names.
Affected
Ruby on Rails versions 2.3.9 and 3.0.0
References
Severity
Classification
-
CVE CVE-2010-3933 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Tiles Multiple XSS Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability