virus logo Intrusion Prevention

Ruby.on.Rails.Action.View.Information.Disclosure

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in Ruby On Rails.
The vulnerability is due to improper validation of user supplied data when handling crafted HTTP Requests. A remote attacker can exploit this to gain unauthorized access to sensitive information on the affected machines via crafted packets.

affected-products-logoAffected Products

All version of Ruby on Rails except 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://rubyonrails.org/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-26 15.731 Name:Ruby.
On.
Rails.
Action.
View.
Information.
Disclosure:Ruby.
on.
Rails.
Action.
View.
Information.
Disclosure
2019-06-05 14.626 Default_action:pass:drop
2019-04-02 14.584

References

https://www.openwall.com/lists/oss-security/2019/03/13/5
ID 47673
Created Apr 02, 2019
Updated Nov 22, 2019
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2019-5418
Exploit Prediction Score 97.43%
Default Action drop
Active
Affected OS All
Affected App Other