← Volver a CVEs
CVE-2016-0752
HIGHCISA KEV7.5
Descripcion
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/16/2016
Ultima modificacion4/22/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorRails
ProductoRuby on Rails
Nombre vulnerabilidadRuby on Rails Directory Traversal Vulnerability
Fecha inclusion KEV2022-03-25
Fecha limite remediacion2022-04-15
Uso en ransomwareUnknown
Productos afectados
debian:debian_linuxopensuse:leapopensuse:opensuseredhat:software_collectionsrubyonrails:railssuse:linux_enterprise_module_for_containers
Debilidades (CWE)
CWE-22CWE-22
Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3464(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/01/25/13(secalert@redhat.com)
http://www.securityfocus.com/bid/81801(secalert@redhat.com)
http://www.securitytracker.com/id/1034816(secalert@redhat.com)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(secalert@redhat.com)
https://www.exploit-db.com/exploits/40561/(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3464(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/25/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81801(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034816(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40561/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.