10 Jan '13, 4pm

Exploits for Ruby on Rails holes now in circulation

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first reports of hijacked web servers are already coming in. The hole is extremely dangerous as it affects a very large number of applications and servers. Anyone who administers a server with a Rails application should urgently take action and either install the updated version or at least make changes which provide temporary protection. The updates published on Wednesday eliminate two errors which have been designated CVE-2013-0156 and CVE-2013-0155, with the former being classified as critical. The underlying vulnerability allows for code to be injected into the server and executed with the privileges of the attacked Rails application. The problem lies in the way Rails accepts data from the user and an attacker need only send data as a POST request to an app...

Full article: http://www.h-online.com/open/news/item/Exploits-for-Ruby-...

Tweets

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

ModSecurity Mitigations for Ruby on Rails XML Exploits

blog.spiderlabs.com 10 Jan '13, 6pm

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbo...

Rails PoC exploits for CVE-2013-0156 and CVE-20...

ronin-ruby.github.com 10 Jan '13, 7am

Next, [ActionDispatch::Http::Parameters] takes the parsed request parameters and merges them with the path parameters. Not...

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Exploit for Ruby on Rails in circulation

heise.de 10 Jan '13, 3pm

The first exploits are circulating for the critical hole in Ruby on Rails reported on Wednesday; there are also already the first...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

Update Ruby now before it goes off the Rails #ITWorld

itworld.com 11 Jan '13, 9pm

January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web...

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

[remote exploits] - Ruby On Rails XML Processor...

1337day.com 11 Jan '13, 9am

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and s...

Metasploit users - get the security update for ...

community.rapid7.com 09 Jan '13, 10am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...