Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

‘Huge’ Ruby On Rails Vulnerability Causes Panic | TechWeekEurope UK

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being hacked, researchers warned today. The vulnerability, which has been patched, lies in the XML parsing functionality in Ruby on Rails and could be exploited just by making a request to an application based on the framework. An advisory posted yesterday notified people of the flaw in the Ruby on Rails ‘Action Pack’. Ruby on Rails security scare “This vulnerability is critical and given the popularity of Ruby on Rails, the impact is huge,” Claudio Guarnieri, security researcher at Rapid7, told TechWeekEurope . “From a technical standpoint it’s a very interesting and challenging vulnerability that can be exploited in several different ways with very dangerous outcomes, from SQL injection to code execution. “Organisations that adopt Ruby on Rails in their appli...

Full article: http://www.techweekeurope.co.uk/news/huge-ruby-on-rails-v...

Tweets

@mattdarveniza » 10 Jan '13, 10pm
Days like today make me ultra glad I'm not a Rails dev. [link]
@juanj0se » 10 Jan '13, 9pm
Vulnerabilidad en Ruby On Rails [link] vía @Jlbenc
@iblametom » 10 Jan '13, 10am
Have given brief update to my Ruby on Rails vuln piece - it seems proof of concept exploits are online: [link]
@SirBertly » 10 Jan '13, 9am
d'oh! @kimenye [link]
@ddossot » 09 Jan '13, 7pm
RT @paulmakepeace: Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY. [link] <- Just STOP.
@phredmoyer » 09 Jan '13, 7pm
RT @paulmakepeace: Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY. [link]
@paulmakepeace » 09 Jan '13, 7pm
Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY. [link]
@LassoCEO » 09 Jan '13, 6pm
RT - @djdarkbeat - Am I allowed to RT this? "‘Huge’ Ruby On Rails Vulnerability Causes Panic [link] #security #rails"
@RaivoL » 09 Jan '13, 5pm
‘Huge’ Ruby On Rails Vulnerability Causes Panic | TechWeekEurope UK [link]
@mandyhassall » 09 Jan '13, 5pm
RT @iblametom: ‘Huge’ Ruby On Rails Vulnerability Causes Panic: [link] #security
@Claranet » 09 Jan '13, 5pm
RT @uktechnews: [eWeekEurope] ‘Huge’ Ruby On Rails Vulnerability Causes Panic [link]
@uktechnews » 09 Jan '13, 5pm
[eWeekEurope] ‘Huge’ Ruby On Rails Vulnerability Causes Panic [link]
@iblametom » 09 Jan '13, 5pm
‘Huge’ Ruby On Rails Vulnerability Causes Panic: [link] #security
@TechWeekEurope » 09 Jan '13, 4pm
‘Huge’ Ruby On Rails Vulnerability Causes Panic: Rails flaw could be a big issue for thousands of sites, securit... [link]
@alfamale156 » 09 Jan '13, 5pm
‘Huge’ Ruby On Rails Vulnerability Causes Panic #eweekeurope [link]
@TechWeekEurope » 09 Jan '13, 5pm
‘Huge’ Ruby On Rails Vulnerability Causes Panic: Rails flaw could be a big issue for thousands of sites, securit... [link]