virus logo Intrusion Prevention

Ruby.on.Rails.protect_from_forgery.CSRF

description-logoDescription

This indicates a Cross Site Request Forgery attack attempt against Ruby on Rails.
The software does not verify tokens for requests with certain content types, which allows remote attackers to bypass CSRF protection for requests to applications that rely on this protection. If a legitimate user can be enticed to access a specially crafted HTML page, the vulnerability can be exploited by an attacker in the user's browser session.

affected-products-logoAffected Products

SuSE SUSE Linux Enterprise 10 SP3
SuSE SUSE Linux Enterprise 10 SP2
SuSE SLE 11
SuSE openSUSE 11.2
SuSE openSUSE 11.0
S.u.S.E. openSUSE 11.1
Ruby on Rails Ruby on Rails 2.3.5
Ruby on Rails Ruby on Rails 2.3.4
Ruby on Rails Ruby on Rails 2.3.3
Ruby on Rails Ruby on Rails 2.3.2
Ruby on Rails Ruby on Rails 2.2.3
Ruby on Rails Ruby on Rails 2.2.2
Ruby on Rails Ruby on Rails 2.1.1
Ruby on Rails Ruby on Rails 2.1
Ruby on Rails Ruby on Rails 2.0.5
Ruby on Rails Ruby on Rails 2.0.4
Ruby on Rails Ruby on Rails 2.0
Ruby on Rails Ruby on Rails 1.2.6
Ruby on Rails Ruby on Rails 1.2.5
Ruby on Rails Ruby on Rails 1.2.3
Ruby on Rails Ruby on Rails 1.1.6
Ruby on Rails Ruby on Rails 1.1.5
Ruby on Rails Ruby on Rails 1.1.4
Ruby on Rails Ruby on Rails 1.1.3
Ruby on Rails Ruby on Rails 1.1.2
Ruby on Rails Ruby on Rails 1.1.1
Ruby on Rails Ruby on Rails 1.1
Ruby on Rails Ruby on Rails 1.0
Ruby on Rails Ruby on Rails 0.14
Ruby on Rails Ruby on Rails 0.13
Redmine Redmine 0.8.7
Redmine Redmine 0.8.6
Redmine Redmine 0.8.5
Redmine Redmine 0.7.3
Redmine Redmine 0.7.2

Impact logoImpact

Information Spoofing: Remote attackers can spoof the data of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the web site.
http://www.rubyonrails.com/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-11 16.995
ID 27454
Created Jul 19, 2011
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2008-7248
Exploit Prediction Score 15.49%
Default Action drop
Active
Affected OS Linux
Affected App Other