Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know

THE Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do? | | Sourcefire blog

Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framework Ruby on Rails. This blog post will talk about what is currently known about these vulnerabilities, what could happen based on previous experiences with these types of vulnerabilities, and what organizations and consumers need to know in order to stay aware and stay protected. The vulnerabilities (CVE-2013-0155 and CVE-2013-0156) deal with how data passed in by the user is parsed and handled by the Rails application. The second vulnerability (0156) is the more severe of the two, as it allows for full remote code execution against any Ruby on Rails application that has the XML parser enabled, which is case by default. More plainly, it means that anyone can run a unix command with the same privileges as the Ruby on Rails application under the default in...

Full article: http://blog.sourcefire.com/Post/2013/01/09/1357761360-the...

Tweets

@rootc0re » 11 Jan '13, 12am
RT @sambowne: ty @rootc0re: @spacerog @ericmonti New Ruby on Rails Vulns - What they are and what should we do? [link]
@sambowne » 10 Jan '13, 11pm
ty @rootc0re: @spacerog @ericmonti New Ruby on Rails Vulns - What they are and what should we do? [link]
@will_highfield » 10 Jan '13, 4pm
Running Ruby on Rails you need to upgrade NOW or give everyone shell access to your app server [link] [link]
@MarkStarkman » 10 Jan '13, 2pm
THE Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do?-| Sourcefire blog [link]
@billt » 10 Jan '13, 10am
RT @benjrooney: Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do? [link] < as an ex RoR developer this is scary
@benjrooney » 10 Jan '13, 10am
Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do? [link] < as an ex RoR developer this is scary
@cookdominic » 10 Jan '13, 8am
Serious vulnerabilities reported on the popular web programming framework Ruby on Rails - [link]
@number007 » 09 Jan '13, 11pm
The Ruby on Rails Vulnerabilities of 2013 - What they are and what should we do? [link]
@pinkeerach » 09 Jan '13, 9pm
very important if you work w/Ruby on Rails. 2 major vulnerabilities announced today. [link]
@adamjodonnell » 09 Jan '13, 8pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@Sourcefire » 09 Jan '13, 8pm
Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@jessjohannes » 09 Jan '13, 9pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@initbrain » 09 Jan '13, 9pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@Donool_ » 09 Jan '13, 8pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@leonward » 09 Jan '13, 8pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]
@kpyke » 09 Jan '13, 8pm
RT @Sourcefire: Read @adamjodonnell's insights on the latest Ruby on Rails vulnerabilities and what organizations need to know [link]