TROYANOSYVIRUS
Voltar para CVEs

CVE-2011-0449

N/A

Descricao

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado2/21/2011
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

rubyonrails:rails

Fraquezas (CWE)

CWE-264

Referencias

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain(cve@mitre.org)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html(cve@mitre.org)
http://secunia.com/advisories/43278(cve@mitre.org)
http://securitytracker.com/id?1025061(cve@mitre.org)
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4(cve@mitre.org)
http://www.vupen.com/english/advisories/2011/0877(cve@mitre.org)
http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43278(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1025061(af854a3a-2127-422b-91ae-364da2661108)
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0877(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.