← Zuruck zu CVEs
CVE-2016-0752
HIGHCISA KEV7.5
Beschreibung
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/16/2016
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerRails
ProduktRuby on Rails
SchwachstellennameRuby on Rails Directory Traversal Vulnerability
KEV Aufnahmedatum2022-03-25
Behebungsfrist2022-04-15
Ransomware-NutzungUnknown
Betroffene Produkte
debian:debian_linuxopensuse:leapopensuse:opensuseredhat:software_collectionsrubyonrails:railssuse:linux_enterprise_module_for_containers
Schwachen (CWE)
CWE-22CWE-22
Referenzen
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3464(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/01/25/13(secalert@redhat.com)
http://www.securityfocus.com/bid/81801(secalert@redhat.com)
http://www.securitytracker.com/id/1034816(secalert@redhat.com)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(secalert@redhat.com)
https://www.exploit-db.com/exploits/40561/(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3464(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/25/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81801(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034816(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40561/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.