← voltar
CVE-2016-2098

CVE-2016-2098

EPSS 81.4%
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Produtos afetados
n/a · n/a
PoCs públicas encontradas14
githubgithub.com/0x00-0x00/CVE-2016-209816githubgithub.com/j4k0m/CVE-2016-20984githubgithub.com/hderms/dh-CVE_2016_20983githubgithub.com/DanielHemmati/CVE-2016-2098-my-first-exploit2githubgithub.com/Shakun8/CVE-2016-20982githubgithub.com/CyberDefenseInstitute/PoC_CVE-2016-2098_Rails421githubgithub.com/Alejandro-MartinG/rails-PoC-CVE-2016-20981githubgithub.com/its-arun/CVE-2016-20981githubgithub.com/3rg1s/CVE-2016-20980githubgithub.com/JoseLRC97/Ruby-on-Rails-ActionPack-Inline-ERB-Remote-Code-Execution0githubgithub.com/sealldeveloper/CVE-2016-2098-PoC0githubgithub.com/Debalinax64/CVE-2016-20980exploitdbwww.exploit-db.com/exploits/40086não verificadocve_referencewww.exploit-db.com/exploits/40086/não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlhttps://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJhttps://www.exploit-db.com/exploits/40086/http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/http://www.debian.org/security/2016/dsa-3509http://www.securityfocus.com/bid/83725http://www.securitytracker.com/id/1035122