CVE-2019-5418

CVSS 7.5 HIGH | EPSS 98.5% | KEV | CWE-22

In short

A vulnerability in Action View allows attackers to read arbitrary files from a server by sending specially crafted accept headers. This can expose sensitive data like configuration files or private keys.

Technical detail

A path traversal vulnerability (CWE-22) in Action View's accept header handling allows unauthenticated attackers to disclose arbitrary file contents through crafted HTTP headers, with no special permissions required. Affected versions: <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3.

Summary generated and translated by AI from the official description.
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
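
To check a Rails application against the affected-version list above, the following added example (not code from the Rails project or from this page) reads the resolved `actionview` version out of `Gemfile.lock` text and classifies it. It assumes each "<x" bound applies to its own release line, that 4.0 and 4.1 fall under "<4.2.11.1", and that versions outside the listed lines are reported as not listed; the helper names and the sample lockfile are constructed.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Fixed release per release line, taken from the affected-version list on this page.
# Assumption: each "<x" bound applies to its own line; 4.0/4.1 fall under "<4.2.11.1".
FIXED_BY_LINE = {
  "5.2" => "5.2.2.1",
  "5.1" => "5.1.6.2",
  "5.0" => "5.0.7.2",
  "4.2" => "4.2.11.1",
  "4.1" => "4.2.11.1",
  "4.0" => "4.2.11.1"
}.freeze

# Returns :affected, :fixed, or :not_listed (version line not covered by the page).
def cve_2019_5418_status(version_string)
  version = Gem::Version.new(version_string)
  major = version.segments[0]
  minor = version.segments[1] || 0
  return :affected if major == 3 # the page lists all of v3, with no fixed release
  fixed = FIXED_BY_LINE["#{major}.#{minor}"]
  return :not_listed unless fixed
  version < Gem::Version.new(fixed) ? :affected : :fixed
end

# Pulls the resolved actionview version from Gemfile.lock text. Resolved specs are
# indented four spaces; dependency constraints (six spaces) are ignored.
def actionview_version(lockfile_text)
  match = lockfile_text.match(/^ {4}actionview \(([^)]+)\)$/)
  match && match[1]
end

# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (5.2.2)
        actionview (= 5.2.2)
      actionview (5.2.2)
        activesupport (= 5.2.2)
LOCK

if __FILE__ == $PROGRAM_NAME
  found = actionview_version(SAMPLE_LOCK)
  puts "actionview #{found}: #{cve_2019_5418_status(found)}"
end
```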