Nmap Development mailing list archives

Re: http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers


From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Apr 2013 15:30:30 -0700

On Thu, Apr 04, 2013 at 06:46:01PM -0600, Paulino Calderon wrote:
I know we are late to the party but still a very relevant vulnerability:
https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/6.x/http-vuln-cve2013-0156.nse

description = [[
Detects Ruby on Rails servers vulnerable to object injection, remote
command execution and denial of service attacks. (CVE-2013-0156)

All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x
before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script
sends 3 harmless yaml payloads to detect vulnerable installations.
If the malformed object receives a status 500 response, the server
is likely processing YAML objects and therefore vulnerable.

References:
* https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156
* https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
* http://cvedetails.com/cve/2013-0156/

It looks good, Paulino. Go ahead and commit it.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
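An added example, not part of the thread or of the NSE script: it encodes the vulnerable version ranges quoted in the script description in Ruby so a defender can triage a Rails inventory without probing the servers. The hostnames and versions in SAMPLE_INVENTORY are constructed, and Gem::Version (Ruby's standard library) handles the version comparison, including pre-release strings.

```ruby
# First fixed release on each affected 3.x branch, taken from the
# script description: 3.0.x before 3.0.19, 3.1.x before 3.1.10,
# 3.2.x before 3.2.11 are vulnerable to CVE-2013-0156.
FIXED_VERSIONS = {
  '3.0' => '3.0.19',
  '3.1' => '3.1.10',
  '3.2' => '3.2.11'
}.freeze

# "All Ruby on Rails versions before 2.3.15" are vulnerable: this covers
# the 2.3 branch and every older release.
LEGACY_FIXED = '2.3.15'.freeze

# Returns true when the given Rails version string falls inside one of
# the vulnerable ranges above. Pre-release strings such as "3.2.11.rc1"
# sort below their final release in Gem::Version, so they count as
# vulnerable; 4.x and later are outside the stated ranges.
def vulnerable_to_cve_2013_0156?(version_string)
  v = Gem::Version.new(version_string)
  branch = v.segments.first(2).join('.')
  fixed = FIXED_VERSIONS[branch]
  if fixed
    v < Gem::Version.new(fixed)
  else
    v < Gem::Version.new(LEGACY_FIXED)
  end
end

# Constructed sample inventory (hostname => Rails version), as a defender
# might assemble it from deployed Gemfile.lock files.
SAMPLE_INVENTORY = {
  'app1.example'   => '3.2.10',
  'app2.example'   => '3.2.11',
  'legacy.example' => '2.3.14',
  'new.example'    => '4.0.0'
}.freeze

# Lists the hosts whose Rails version still needs the CVE-2013-0156 fix.
def hosts_needing_patch(inventory = SAMPLE_INVENTORY)
  inventory.select { |_, ver| vulnerable_to_cve_2013_0156?(ver) }.keys
end

puts hosts_needing_patch.inspect if $PROGRAM_NAME == __FILE__
```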

