Attack: Ruby on Rails CVE-2013-0156

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a remote code execution vulnerability in Ruby on Rails.

Additional Information

Ruby on Rails is a web application framework for multiple platforms.

Ruby on Rails is prone to a security-bypass vulnerability, an SQL-injection vulnerability, a denial-of-service vulnerability, and an arbitrary code execution vulnerability due to multiple weaknesses in the parameter parsing code. Specifically, these issues affect the Action Pack.

An attacker can exploit these vulnerabilities to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.

Affected

  • Ruby on Rails 3.2.4
  • Ruby on Rails 3.2.2
  • Ruby on Rails 3.1.5
  • Ruby on Rails 3.1.4
  • Ruby on Rails 3.1.2
  • Ruby on Rails 3.0.13
  • Ruby on Rails 3.0.12
  • Ruby on Rails 3.0.11
  • Ruby on Rails 3.0.1
  • Ruby on Rails 2.3.11
  • Ruby on Rails 2.3.10
  • Ruby on Rails 3.0.10
  • Ruby on Rails 2.3.14
  • Ruby on Rails 2.3.13
  • Ruby on Rails 2.3.12
  • Debian Linux 6.0 sparc
  • Debian Linux 6.0 s/390
  • Debian Linux 6.0 powerpc
  • Debian Linux 6.0 mips
  • Debian Linux 6.0 ia-64
  • Debian Linux 6.0 ia-32
  • Debian Linux 6.0 arm
  • Debian Linux 6.0 amd64