← Voltar para CVEs
CVE-2016-0752
HIGHCISA KEV7.5
Descricao
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/16/2016
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorRails
ProdutoRuby on Rails
Nome da vulnerabilidadeRuby on Rails Directory Traversal Vulnerability
Data inclusao KEV2022-03-25
Prazo de remediacao2022-04-15
Uso em ransomwareUnknown
Produtos afetados
debian:debian_linuxopensuse:leapopensuse:opensuseredhat:software_collectionsrubyonrails:railssuse:linux_enterprise_module_for_containers
Fraquezas (CWE)
CWE-22CWE-22
Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(secalert@redhat.com)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(secalert@redhat.com)
http://www.debian.org/security/2016/dsa-3464(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2016/01/25/13(secalert@redhat.com)
http://www.securityfocus.com/bid/81801(secalert@redhat.com)
http://www.securitytracker.com/id/1034816(secalert@redhat.com)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(secalert@redhat.com)
https://www.exploit-db.com/exploits/40561/(secalert@redhat.com)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0296.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2016/dsa-3464(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/01/25/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/81801(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1034816(af854a3a-2127-422b-91ae-364da2661108)
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40561/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.