10 Jan '13, 9pm

Drop everything now and patch Ruby on Rails apps--new exploits, Metasploit module are out:

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popular Web application programming platform Ruby on Rails (RoR), as well as a new Metasploit module for the most serious of the two flaws, raising concerns of potentially damaging attacks to come on Web servers and databases. Patches for the two Ruby on Rails vulnerabilities, CVE-2013-0155 and CVE-2013-0156, were issued yesterday after researchers disclosed the bugs earlier this week. Ruby on Rails is an open-source Web programming framework that runs in more than 200,000 websites and on tens of thousands of apps, including Twitter, Metasploit, Groupon, Scribd, Hulu, Living Social, Yellow Pages, and GitHub. To date, RoR hasn't experienced much in the way of security vulnerability issues, but this new bug finds likely will open the floodgates for more resea...

Full article: http://www.darkreading.com/database-security/167901020/se...

Tweets

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

#Exploit Info - VRT reviewed #Ruby on Rails vul...

vrt-blog.snort.org 10 Jan '13, 7pm

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbit...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first r...

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Looks like #ruby sites might be up for grabs...

darkreading.com 16 Jan '13, 12am

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Ruby on Rails flaws expose thousands of websites to attack: More than 240,000 websites that use Ruby on Rails we...

computerweekly.com 10 Jan '13, 4pm

According to O’Donnell, the RoR vulnerability could be used for the creation of a worm, but it would be far worse if atta...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

ModSecurity Mitigations for Ruby on Rails XML Exploits

blog.spiderlabs.com 10 Jan '13, 6pm

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbo...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Metasploit users - get the security update for ...

community.rapid7.com 09 Jan '13, 10am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...

Metasploit Rails 3 Remote Code Execution Hours ...

community.rapid7.com 10 Jan '13, 3am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...