← Retour aux CVEs
CVE-2016-0752
HIGHCISA KEV7.5
Description
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/16/2016
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurRails
ProduitRuby on Rails
Nom vulnerabiliteRuby on Rails Directory Traversal Vulnerability
Date ajout KEV2022-03-25
Date limite remediation2022-04-15
Utilise dans ransomwareUnknown
Produits affectes
debian:debian_linuxopensuse:leapopensuse:opensuseredhat:software_collectionsrubyonrails:railssuse:linux_enterprise_module_for_containers
Faiblesses (CWE)
CWE-22CWE-22
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3464(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/01/25/13(secalert@redhat.com)
http://www.securityfocus.com/bid/81801(secalert@redhat.com)
http://www.securitytracker.com/id/1034816(secalert@redhat.com)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(secalert@redhat.com)
https://www.exploit-db.com/exploits/40561/(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3464(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/25/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81801(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034816(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40561/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.