Signature Detail

Short Name: HTTP:DIR:HTTP-ACCEPT-HDR
Severity: Minor
Recommended: Yes
Recommended Action: Drop
Category: HTTP
Keywords: Directory Traversal Detected on HTTP Accept Header
Release Date: 2015/02/25
Update Number: 2470
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Directory Traversal Detected on HTTP Accept Header


This signature detects attempts to exploit a known flaw in the handling of the HTTP Accept header. A successful attack can result in directory traversal.

Extended Description

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Affected Products

  • Debian debian_linux 8.0
  • Redhat cloudforms 4.7
  • Rubyonrails rails 0.10.0
  • Rubyonrails rails 0.10.1
  • Rubyonrails rails 0.11.0
  • Rubyonrails rails 0.11.1
  • Rubyonrails rails 0.12.0
  • Rubyonrails rails 0.12.1
  • Rubyonrails rails 0.13.0
  • Rubyonrails rails 0.13.1
  • Rubyonrails rails 0.14.1
  • Rubyonrails rails 0.14.2
  • Rubyonrails rails 0.14.3
  • Rubyonrails rails 0.14.4
  • Rubyonrails rails 0.9.1
  • Rubyonrails rails 0.9.2
  • Rubyonrails rails 0.9.3
  • Rubyonrails rails 0.9.4
  • Rubyonrails rails 0.9.4.1
  • Rubyonrails rails 0.9.5
  • Rubyonrails rails 1.0.0
  • Rubyonrails rails 1.1.0
  • Rubyonrails rails 1.1.1
  • Rubyonrails rails 1.1.2
  • Rubyonrails rails 1.1.3
  • Rubyonrails rails 1.1.4
  • Rubyonrails rails 1.1.5
  • Rubyonrails rails 1.1.6
  • Rubyonrails rails 1.2.0
  • Rubyonrails rails 1.2.1
  • Rubyonrails rails 1.2.2
  • Rubyonrails rails 1.2.3
  • Rubyonrails rails 1.2.4
  • Rubyonrails rails 1.2.5
  • Rubyonrails rails 1.2.6
  • Rubyonrails rails 1.9.3
  • Rubyonrails rails 1.9.5
  • Rubyonrails rails 2.0.0
  • Rubyonrails rails 2.0.1
  • Rubyonrails rails 2.0.2
  • Rubyonrails rails 2.0.3
  • Rubyonrails rails 2.0.4
  • Rubyonrails rails 2.0.5
  • Rubyonrails rails 2.1.0
  • Rubyonrails rails 2.1.1
  • Rubyonrails rails 2.1.2
  • Rubyonrails rails 2.2.0
  • Rubyonrails rails 2.2.1
  • Rubyonrails rails 2.2.2
  • Rubyonrails rails 2.2.3
  • Rubyonrails rails 2.3
  • Rubyonrails rails 2.3.0
  • Rubyonrails rails 2.3.1
  • Rubyonrails rails 2.3.10
  • Rubyonrails rails 2.3.11
  • Rubyonrails rails 2.3.12
  • Rubyonrails rails 2.3.13
  • Rubyonrails rails 2.3.14
  • Rubyonrails rails 2.3.15
  • Rubyonrails rails 2.3.16
  • Rubyonrails rails 2.3.17
  • Rubyonrails rails 2.3.18
  • Rubyonrails rails 2.3.2
  • Rubyonrails rails 2.3.2.1
  • Rubyonrails rails 2.3.3
  • Rubyonrails rails 2.3.3.1
  • Rubyonrails rails 2.3.4
  • Rubyonrails rails 2.3.5
  • Rubyonrails rails 2.3.6
  • Rubyonrails rails 2.3.7
  • Rubyonrails rails 2.3.8
  • Rubyonrails rails 2.3.9
  • Rubyonrails rails 3.0.0
  • Rubyonrails rails 3.0.1
  • Rubyonrails rails 3.0.10
  • Rubyonrails rails 3.0.11
  • Rubyonrails rails 3.0.12
  • Rubyonrails rails 3.0.13
  • Rubyonrails rails 3.0.14
  • Rubyonrails rails 3.0.15
  • Rubyonrails rails 3.0.16
  • Rubyonrails rails 3.0.17
  • Rubyonrails rails 3.0.18
  • Rubyonrails rails 3.0.19
  • Rubyonrails rails 3.0.2
  • Rubyonrails rails 3.0.20
  • Rubyonrails rails 3.0.3
  • Rubyonrails rails 3.0.4
  • Rubyonrails rails 3.0.5
  • Rubyonrails rails 3.0.6
  • Rubyonrails rails 3.0.7
  • Rubyonrails rails 3.0.8
  • Rubyonrails rails 3.0.9
  • Rubyonrails rails 3.1.0
  • Rubyonrails rails 3.1.1
  • Rubyonrails rails 3.1.10
  • Rubyonrails rails 3.1.11
  • Rubyonrails rails 3.1.12
  • Rubyonrails rails 3.1.2
  • Rubyonrails rails 3.1.3
  • Rubyonrails rails 3.1.4
  • Rubyonrails rails 3.1.5
  • Rubyonrails rails 3.1.6
  • Rubyonrails rails 3.1.7
  • Rubyonrails rails 3.1.8
  • Rubyonrails rails 3.1.9
  • Rubyonrails rails 3.2.0
  • Rubyonrails rails 3.2.1
  • Rubyonrails rails 3.2.10
  • Rubyonrails rails 3.2.11
  • Rubyonrails rails 3.2.12
  • Rubyonrails rails 3.2.13
  • Rubyonrails rails 3.2.14
  • Rubyonrails rails 3.2.15
  • Rubyonrails rails 3.2.16
  • Rubyonrails rails 3.2.17
  • Rubyonrails rails 3.2.18
  • Rubyonrails rails 3.2.19
  • Rubyonrails rails 3.2.2
  • Rubyonrails rails 3.2.20
  • Rubyonrails rails 3.2.21
  • Rubyonrails rails 3.2.22
  • Rubyonrails rails 3.2.22.1
  • Rubyonrails rails 3.2.22.2
  • Rubyonrails rails 3.2.22.3
  • Rubyonrails rails 3.2.22.4
  • Rubyonrails rails 3.2.22.5
  • Rubyonrails rails 3.2.3
  • Rubyonrails rails 3.2.4
  • Rubyonrails rails 3.2.5
  • Rubyonrails rails 3.2.6
  • Rubyonrails rails 3.2.7
  • Rubyonrails rails 3.2.8
  • Rubyonrails rails 3.2.9
  • Rubyonrails rails 4.0.0
  • Rubyonrails rails 4.0.1
  • Rubyonrails rails 4.0.10
  • Rubyonrails rails 4.0.11
  • Rubyonrails rails 4.0.11.1
  • Rubyonrails rails 4.0.12
  • Rubyonrails rails 4.0.13
  • Rubyonrails rails 4.0.2
  • Rubyonrails rails 4.0.3
  • Rubyonrails rails 4.0.4
  • Rubyonrails rails 4.0.5
  • Rubyonrails rails 4.0.6
  • Rubyonrails rails 4.0.7
  • Rubyonrails rails 4.0.8
  • Rubyonrails rails 4.0.9
  • Rubyonrails rails 4.1.0
  • Rubyonrails rails 4.1.1
  • Rubyonrails rails 4.1.10
  • Rubyonrails rails 4.1.11
  • Rubyonrails rails 4.1.12
  • Rubyonrails rails 4.1.13
  • Rubyonrails rails 4.1.14
  • Rubyonrails rails 4.1.14.1
  • Rubyonrails rails 4.1.14.2
  • Rubyonrails rails 4.1.15
  • Rubyonrails rails 4.1.16
  • Rubyonrails rails 4.1.2
  • Rubyonrails rails 4.1.3
  • Rubyonrails rails 4.1.4
  • Rubyonrails rails 4.1.5
  • Rubyonrails rails 4.1.6
  • Rubyonrails rails 4.1.7
  • Rubyonrails rails 4.1.7.1
  • Rubyonrails rails 4.1.8
  • Rubyonrails rails 4.1.9
  • Rubyonrails rails 4.2.0
  • Rubyonrails rails 4.2.1
  • Rubyonrails rails 4.2.10
  • Rubyonrails rails 4.2.11
  • Rubyonrails rails 4.2.2
  • Rubyonrails rails 4.2.3
  • Rubyonrails rails 4.2.4
  • Rubyonrails rails 4.2.5
  • Rubyonrails rails 4.2.5.1
  • Rubyonrails rails 4.2.5.2
  • Rubyonrails rails 4.2.6
  • Rubyonrails rails 4.2.7
  • Rubyonrails rails 4.2.7.1
  • Rubyonrails rails 4.2.8
  • Rubyonrails rails 4.2.9
  • Rubyonrails rails 5.0.0
  • Rubyonrails rails 5.0.0.1
  • Rubyonrails rails 5.0.1
  • Rubyonrails rails 5.0.2
  • Rubyonrails rails 5.0.3
  • Rubyonrails rails 5.0.4
  • Rubyonrails rails 5.0.5
  • Rubyonrails rails 5.0.6
  • Rubyonrails rails 5.0.7
  • Rubyonrails rails 5.0.7.1
  • Rubyonrails rails 5.1.0
  • Rubyonrails rails 5.1.1
  • Rubyonrails rails 5.1.2
  • Rubyonrails rails 5.1.3
  • Rubyonrails rails 5.1.4
  • Rubyonrails rails 5.1.5
  • Rubyonrails rails 5.1.6
  • Rubyonrails rails 5.1.6.1
  • Rubyonrails rails 5.2.0
  • Rubyonrails rails 5.2.1
  • Rubyonrails rails 5.2.1.1
  • Rubyonrails rails 5.2.2

References

  • BugTraq: 107409
  • CVE: CVE-2019-5418
  • URL: https://groups.google.com/forum/#!topic/rubyonrails-security/pfrki96sm8q
  • URL: https://devcentral.f5.com/s/articles/ruby-on-rails-arbitrary-file-read-cve-2019-5418-34022
  • URL: https://security.berkeley.edu/news/critical-file-content-disclosure-dos-vulnerabilities-ruby-rails-cve-2019-5418
