Nmap Development mailing list archives
Re: http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers
From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Apr 2013 15:30:30 -0700
On Thu, Apr 04, 2013 at 06:46:01PM -0600, Paulino Calderon wrote:
> I know we are late to the party but still a very relevant vulnerability:
> https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/6.x/http-vuln-cve2013-0156.nse
>
> description = [[
> Detects Ruby on Rails servers vulnerable to object injection, remote command
> executions and denial of service attacks. (CVE-2013-0156)
>
> All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before
> 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless
> yaml payloads to detect vulnerable installations. If the malformed object
> receives a status 500 response, the server is likely processing YAML objects
> and therefore vulnerable.
>
> References:
> * https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156
> * https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
> * http://cvedetails.com/cve/2013-0156/

It looks good, Paulino. Go ahead and commit it.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
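
An added example, not part of the original thread or of the NSE script: an offline complement to the network probe that checks a `Gemfile.lock` against the version ranges listed in the quoted description. The function names, the constants and the sample lockfile are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version orders 3.0.9 before 3.0.19 correctly

# First fixed release per 3.x branch, from the ranges in the quoted description.
FIXED_BY_BRANCH = {
  "3.0" => Gem::Version.new("3.0.19"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.2" => Gem::Version.new("3.2.11"),
}.freeze
# "All versions before 2.3.15" covers every older branch.
FIXED_LEGACY = Gem::Version.new("2.3.15")

# True when the version falls in one of the ranges the description lists.
def rails_affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIXED_LEGACY
  branch = (v.segments + [0]).first(2).join(".")
  fixed = FIXED_BY_BRANCH[branch]
  !fixed.nil? && v < fixed
end

# Resolved gems sit under "specs:" at exactly four spaces of indent;
# dependency constraints are indented deeper and are skipped.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)[ \t]*$/)
  m && m[1]
end

def audit_lockfile(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return :rails_not_found if version.nil?
  rails_affected?(version) ? :affected : :not_in_listed_ranges
end

# Constructed sample input, not taken from any real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.10)
      rails (3.2.10)
        actionpack (= 3.2.10)

  DEPENDENCIES
    rails (= 3.2.10)
LOCK

puts "rails #{locked_rails_version(SAMPLE_LOCKFILE)}: #{audit_lockfile(SAMPLE_LOCKFILE)}"
```

A result of `:not_in_listed_ranges` only means the version is outside the ranges quoted above; pre-release tags such as `3.2.11.rc1` sort before the fixed release and are reported as affected.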
Current thread:
- http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers Paulino Calderon (Apr 04)
- Re: http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers David Fifield (Apr 24)
- Re: http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers Paulino Calderon Pale (Apr 24)
- Re: http-vuln-cve2013-0156: Detection of RCE in Ruby on Rails servers David Fifield (Apr 24)