Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out:

Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs - Dark Reading

Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out:

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popular Web application programming platform Ruby on Rails (RoR), as well as a new Metasploit module for the most serious of the two flaws, raising concerns of potentially damaging attacks to come on Web servers and databases. Patches for the two Ruby on Rails vulnerabilities , CVE-2013-0155 and CVE-2013-0156, were issued yesterday after researchers disclosed the bugs earlier this week. Ruby on Rails is an open-source Web programming framework that runs in more than 200,000 websites and on tens of thousands of apps, including Twitter, Metasploit, Groupon, Scribd, Hulu, Living Social, Yellow Pages, and GitHub. To date, RoR hasn't experienced much in the way of security vulnerability issues, but this new bug finds likely will open the floodgates for more resea...

Full article: http://www.darkreading.com/database-security/167901020/se...

Tweets

@InfoSecPhils » 14 Jan '13, 12pm
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs - Dark Reading... [link]
@MANOMACHINE » 14 Jan '13, 4am
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs -- @DarkReading [link] #IT #Cybersec RT @prometheus2054
@tehblitz » 12 Jan '13, 1am
RT @_Zorya_: security experts say drop everything & patch Ruby on Rails apps now, Metasploit Module Released [link]
@_Zorya_ » 11 Jan '13, 4pm
security experts say drop everything & patch Ruby on Rails apps now, Metasploit Module Released [link]
@HaileyMcK » 10 Jan '13, 11pm
RT @Logik007: Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs -- @DarkReading [link] Java7 and Ruby in one day? #in
@Logik007 » 10 Jan '13, 11pm
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs -- @DarkReading [link] Java7 and Ruby in one day? #in
@yuridiogenes » 10 Jan '13, 11pm
Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs [link]
@AdamGhetti » 10 Jan '13, 10pm
RT @kjhiggins: Metasploit was in the odd position of patching its own software for RoR bugs and then building an exploit module for it [link]
@cameronaiello » 10 Jan '13, 9pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@kjhiggins » 10 Jan '13, 9pm
Metasploit was in the odd position of patching its own software for RoR bugs and then building an exploit module for it [link]
@DarkReading » 10 Jan '13, 9pm
Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@alanjones19 » 10 Jan '13, 10pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@AlvandSolutions » 10 Jan '13, 9pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@wwdt4h » 10 Jan '13, 9pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@miyadice » 10 Jan '13, 9pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]
@adailami » 10 Jan '13, 9pm
RT @DarkReading: Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out: [link]