CVE-2016-0752
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
2.5
Description
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
CISA KEV
- Vendor
- Rails
- Product
- Ruby on Rails
- Due date
- 2022-04-15
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-0752
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-0752.html
Exploits
Exploit-DB
- EDB-40561 · remote · multiple
Metasploit modules
- exploit_multi/http/rails_dynamic_render_code_exec · rank 600 · Ruby on Rails Dynamic Render File Upload Remote Code Execution
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 2:4.2.5.1-1 |
| debian | bullseye | fixed | 2:4.2.5.1-1 |
| debian | forky | fixed | 2:4.2.5.1-1 |
| debian | sid | fixed | 2:4.2.5.1-1 |
| debian | trixie | fixed | 2:4.2.5.1-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | actionview | <>= 5.0.0.beta1.1 | >= 5.0.0.beta1.1 |
| RubyGems | actionpack | !>= 4.1.0||<>= 5.0.0.beta1.1 | >= 5.0.0.beta1.1 |
| RubyGems | actionview | >=4.0.0,<4.1.14.1 | 4.1.14.1 |
| RubyGems | actionview | >=4.2.0,<4.2.5.1 | 4.2.5.1 |
| RubyGems | actionpack | >=4.0.0,<4.1.14.1 | 4.1.14.1 |
| RubyGems | actionpack | >=4.2.0,<4.2.5.1 | 4.2.5.1 |
| RubyGems | actionpack | <3.2.22.1 | 3.2.22.1 |
References
- https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00
- https://www.suse.com/security/cve/CVE-2016-0752.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-0752
- https://github.com/advisories/GHSA-xrr4-p6fq-hjg7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
- https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
- https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801
- https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752
- https://www.exploit-db.com/exploits/40561
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2016-0296.html
- http://www.debian.org/security/2016/dsa-3464
- http://www.openwall.com/lists/oss-security/2016/01/25/13
- http://www.securityfocus.com/bid/81801
- http://www.securitytracker.com/id/1034816
- https://security-tracker.debian.org/tracker/CVE-2016-0752
Verify integrity in audit chain (admin only). AS-IS.