Exploit for a critical vulnerability in Ruby on Rails

Posted: January 11, 2013 in IT Security News, Security Notices
Tags: , ,


Exploit for Ruby on Rails

In the web there are first reports of web-servers affected by hackers.

Since the disclosure of the critical gaps in the framework, Ruby on Rails web appeared not only exploits using this vulnerability, but the first reports of compromised with it web-servers. To date, the Metasploit module has appeared appropriate.

Note that this gap is extremely dangerous because it affects the very large number of applications and servers. Server administrators with Rails applications should update their software to the latest version. Recall that the updates that address just two holes, the developers have been published on Wednesday, January 9.

The vulnerability lies in the fact that the remote attacker can send data to the application as a POST request, and thus proekspluatirovat it. While Brescia affects all media in which the XML parser is active (default is active.)

At the moment the gap is fixed in these versions of Ruby on Rails, as 3.2.11, 3.1.10, 3.0.19 and 2.3.15.

A detailed description of vulnerabilities can be found here .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s