10 Jan '13, 6pm

ModSecurity Mitigations for Ruby on Rails XML Exploits

ModSecurity Mitigations for Ruby on Rails XML Exploits

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbols and results in remote code execution. The vulnerabilities have been confirmed by multiple sources and proof of concept code is available: Rails PoC Exploits by Postmortem . ModSecurity Mitigations The primary recommendation is of course to update your Ruby on Rails code to the latest patched version. If, however, you are unable to do so in a timely manner or at all, then here are some options to use ModSecurity to help prevent these attacks. Activating the XML Request Body Parser (libxml2) ModSecurity has the ability to inspect XML request bodies using libxml2 however it will not do so automatically. You must use rules to activate the XML request body parser. The OWASP ModSecurity CRS has the following example rule withn the 10 setup file : # # -- [[...

Full article: http://blog.spiderlabs.com/2013/01/modsecurity-mitigation...

Tweets

Rails PoC exploits for CVE-2013-0156 and CVE-20...

ronin-ruby.github.com 10 Jan '13, 7am

Next, [ActionDispatch::Http::Parameters] takes the parsed request parameters and merges them with the path parameters. Not...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails , the first exploits have begun circulating and the first r...

[remote exploits] - Ruby On Rails XML Processor...

1337day.com 11 Jan '13, 9am

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and s...

Update Ruby now before it goes off the Rails

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

Exploit für Ruby on Rails im Umlauf

heise.de 10 Jan '13, 3pm

Für die am Mittwoch gemeldete, kritische Lücke in Ruby on Rails kursieren erste Exploits; es treffen auch bereits erste Be...

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

Ruby on Rails Vulnerabilities Discovered, Users...

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...

Here is our talk from @OWASPChicago cc: @claudi...

speakerdeck.com 11 Jan '13, 3am

In this talk, Jon Claudius and I talk about common security issues with Rails apps and encourage our security audience to ...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Exploiting Ruby on Rails with Metasploit (CVE-2...

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

expert webdeveloper -- #php, #html , ruby on ra...

freelancer.com 14 Jan '13, 10pm

Freelancer.com (formerly GetAFreelancer) is the world's largest outsourcing and crowdsourcing marketplace for small busine...

Metasploit Rails 3 Remote Code Execution Hours ...

community.rapid7.com 10 Jan '13, 3am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...