09 Jan '13, 12am

Extremely critical Ruby on Rails bug threatens more than 200,000 sites

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability in the Ruby on Rails framework that gives remote attackers the ability to execute malicious code on the underlying servers. The bug is present in Rails versions spanning the past six years and in default configurations gives hackers a simple and reliable way to pilfer database contents, run system commands, and cause websites to crash, according to Ben Murphy, one of the developers who has confirmed the vulnerability. As of last week, the framework was used by more than 240,000 websites , including Github, Hulu, and Basecamp, underscoring the seriousness of the threat. "It is quite bad," Murphy told Ars. "An attack can send a request to any Ruby on Rails sever and then execute arbitrary commands. Even though it's complex, it's reliable, so it will work 1...

Full article: http://arstechnica.com/security/2013/01/extremely-crtical...

Tweets

Extremely critical Ruby on Rails bug threatens ...

reddit.com 09 Jan '13, 2am

No, what you need is a descriptive language that gives designers what they want and then hook everything up by calling som...

Extremely critical Ruby on Rails bug threatens ...

linuxtoday.com 09 Jan '13, 8pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites Jan 09, 2013, 11:00 (0 Talkback[s] ) Tweet Hundreds...

Unsafe Query Generation Risk in Ruby on Rails (...

groups.google.com 08 Jan '13, 8pm

Dieser Browser wird nicht unterstützt.

Extremely critical Ruby on Rails bug threatens ...

mukpin.com 10 Jan '13, 1pm

Extremely critical Ruby on Rails bug threatens more than 200,000 sites hundreds of thousands of websites are potentially a...

Ruby on Rails releases "extremely critical" fixes

scmagazine.com 09 Jan '13, 5pm

The maintainers of the Ruby on Rails have pushed out the second update in a week to fix critical holes in the web applicat...

Ruby on Rails pushing out 'extremely critical' fixes: Workaround available.

Ruby on Rails pushing out 'extremely critical' ...

scmagazine.com.au 09 Jan '13, 2am

The maintainers of Ruby on Rails have pushed out the second update in a week to fix a critical hole in the framework which...

Vulnerability in Ruby on Rails could bring 200,000 sites down

Vulnerability in Ruby on Rails could bring 200,...

geek.com 10 Jan '13, 12pm

In the realm of computer security there are bugs , and then there are bugs . The latter refers to a real showstopper — the...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

Sites Built With Ruby on Rails Suffer New Vulne...

allthingsd.com 09 Jan '13, 4pm

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been fou...

Sites Built With Ruby On Rails Suffer New Vulne...

allthingsd.com 09 Jan '13, 4pm

Here’s something new in the way of security worries: Weaknesses in Ruby on Rails. A significant vulnerability has been fou...

Critical Flaws Patched in Ruby on Rails

threatpost.com 08 Jan '13, 9pm

"There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentica...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

Are you running Rails? Have you upgraded? If no...

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...