Summary
This host is running Ruby on Rails and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to manipulate arbitrary records.
Impact Level: Application
Solution
Upgrade to Ruby on Rails version 3.0.1 or 2.3.10.
For updates, refer to http://rubyonrails.org/download
Insight
The flaw is due to an input validation error when handling nested attributes, which can be exploited to manipulate arbitrary records by changing form input parameter names.
Affected
Ruby on Rails versions 2.3.9 and 3.0.0
Severity
Classification
- CVE: CVE-2010-3933
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P