Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:RAILS-ROUTING |
|---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
Rails Routing Vulnerability |
Release Date |
2006/08/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Rails Routing Vulnerability
This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.
Extended Description
Ruby on Rails is prone to a vulnerability in its routing functionality that may result in denial-of-service or data loss issues. Attackers may exploit this issue by issuing HTTP GET requests to predictable URIs to affected webservers. This issue affects Ruby on Rails versions 1.1.0, 1.1.1, 1.1.2, 1.1.4, and 1.1.5.
Affected Products
- Gentoo linux
- Ruby_on_rails ruby_on_rails 1.1.0
- Ruby_on_rails ruby_on_rails 1.1.1
- Ruby_on_rails ruby_on_rails 1.1.2
- Ruby_on_rails ruby_on_rails 1.1.4
- Ruby_on_rails ruby_on_rails 1.1.5
- Suse suse_linux_enterprise_sdk 10
- Ubuntu ubuntu_linux 5.10.0 Amd64
- Ubuntu ubuntu_linux 5.10.0 I386
- Ubuntu ubuntu_linux 5.10.0 Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Ubuntu ubuntu_linux 6.10 Amd64
- Ubuntu ubuntu_linux 6.10 I386
- Ubuntu ubuntu_linux 6.10 Powerpc
- Ubuntu ubuntu_linux 6.10 Sparc
References