16 Jan '13, 2pm

A Hard Knock Life - Ruby on Rails Vulnerabilities and System Hardening

In the case of the RoR vulnerabilities, a well-hardened system would have saved the day for most RoR web applications. Many applications don't use XML serialization at all. Of those that do, only a minority actually use the YAML serialization format. Therefore, the vast majority of RoR-powered applications don't need YAML support at all. If these systems had been hardened to block the use of XML, or of YAML within XML, they would not have been vulnerable to CVE-2013-0156. A similar argument can be made for JSON system hardening with respect to the CVE-2013-0155 vulnerability.

Full article: http://www.securityweek.com/hard-knock-life-ruby-rails-vu...

Tweets

When the kiddies get ahold of a Ruby on Rails r...

Infosec Reactions, by Sean, 01/16/13

Vulnerability in JSON Parser in Ruby on Rails 3...

groups.google.com 28 Jan '13, 9pm


Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...

Read @adamjodonnell's insights on the latest Ru...

blog.sourcefire.com 09 Jan '13, 8pm

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framewo...

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

Java and Ruby on Rails vulnerabilities uncovered

networkedblogs.com 13 Jan '13, 10am

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 14 Jan '13, 7pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Java Zero-Day Exploit and Ruby on Rails Vulnera...

blog.trendmicro.com 11 Jan '13, 10pm

Ruby on Rails patches more critical vulnerabili...

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Rails vulnerabilities are not Rails'

revision-zero.org 12 Jan '13, 6pm

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it does. URL-encoded, XML, and JSON...

Ruby on Rails security updates address SQL inje...

csoonline.com 14 Jan '13, 5am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...