virus logo Intrusion Prevention

Rails.Dynamic.Template.Render.Arbitrary.Command.Execution

description-logoDescription

This indicates an attack attempt to exploit a Directory Traversal and Arbitrary Command Execution Vulnerability in Ruby on Rails.
The vulnerability is due to the application passing unverified user input to the `render` method in a controller. A remote attacker could exploit this to execute arbitrary code execution within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

Ruby on Rails all versions prior to 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the update available from the website
http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-12-18 29.923
Modified
 Sig Added
2020-03-16 15.796
Modified
 Sig Added
2020-03-16 15.796
Modified
 Status:enable:disable

References

https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/
ID 42010
Created Jan 29, 2016
Updated Dec 18, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 91.05%
Default Action drop
Active
Affected OS All
Affected App Other
Profile Type Code Injection