1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Ruby On Rails Information Disclosure CVE-2019-5418

Web Attack: Ruby On Rails Information Disclosure CVE-2019-5418

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit an information disclosure vulnerability in Ruby on Rails.

Additional Information

There is a file content disclosure vulnerability in Action View in Ruby on Rails. Specially crafted accept headers in combination with calls to render file can cause arbitrary files on the target server to be rendered, disclosing the file contents.

Affected

  • Various Ruby on Rails versions.

Response


  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube