09 Jan '13, 1pm

New flaw in Ruby on Rails:

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Jan 2) in Ruby on Rails, but I think we missed reporting on it...” It added, “However, the hype and hoopla that any site with RoR code on it is vulnerable is just that - the vulnerability being discussed is very specific in nature, but folks hear ‘sql injection’ and (mistakenly as far as I can see) send it to the headline page.” The irony is that as ISC posted this less-than-urgent warning, Ruby on Rails (RoR) was posting a new one: “There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.” And this one, says HD Moore, Rapid7's CSO and chief architect of Metasploit, is “pa...

Full article: http://www.infosecurity-magazine.com/view/30116/new-flaw-...

Tweets

SQL Injection Flaw in Ruby on Rails, (Wed, Jan ...

isc.sans.edu 09 Jan '13, 2am

A SQL Injection Flaw (CVE-2012-5664) was announced last week (Jan 2) in Ruby on Rails, but I think we missed reporting on ...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

Ruby On Rails SQL Injection Flaw Has Serious Re...

it.slashdot.org 09 Jan '13, 4pm

This one is quite a serious flaw, and the data this website in question deals with is very important data (citizen IDs), s...

Unsafe Query Generation Risk in Ruby on Rails (...

groups.google.com 08 Jan '13, 8pm

Any Ruby on Rails app is, badly, utterly, pwned...

groups.google.com 09 Jan '13, 3am

Ruby on Rails

insinuator.net 08 Jan '13, 9pm

As you might remember YAML formatted parameters are not enabled by default in Rails due to YAML (or more specifically the ...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

Ruby on Rails patches more critical vulnerabili...

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

If you use Ruby on Rails, you NEED to read this...

news.ycombinator.com 10 Jan '13, 3am

(Bah, great point about passwords. I need to reform my ways.) To amplify and expand on Thomas here: when this was announced...

Ruby on Rails Security Flaw Severe, but Not Widespread: Researcher

Ruby on Rails Security Flaw Severe, but Not Wid...

eweek.com 04 Jan '13, 1am

A security researcher finds a way to steal information from Web applications designed with Ruby on Rails and using a third...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

Serious vulnerability in Ruby on Rails allowing...

reddit.com 08 Jan '13, 11pm

An attacker can execute any ruby code he wants including system("unix command"). This affects any rails version for the la...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...