CVE-2016-0752 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2016-0752?

CVE-2016-0752 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-0752?

Check the references section above for vendor advisories and patch information. Affected products include: Rubyonrails Rails, Opensuse Leap, Opensuse Opensuse, Suse Linux Enterprise Module For Containers, Debian Debian Linux.

Vulnerability Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rubyonrails	Rails	< 3.2.22.1
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Suse	Linux Enterprise Module For Containers	12
Debian	Debian Linux	8.0
Redhat	Software Collections	1.0

Related Weaknesses (CWE)

CWE-22

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.hPermissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.hPermissions Required
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0296.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3464Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2016/01/25/13ExploitMailing List
http://www.securityfocus.com/bid/81801Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034816Broken LinkThird Party AdvisoryVDB Entry
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXBroken Link
https://www.exploit-db.com/exploits/40561/ExploitThird Party AdvisoryVDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.hPermissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.hPermissions Required
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2016-0752?

CVE-2016-0752 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read a...

How severe is CVE-2016-0752?

CVE-2016-0752 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0752?

Check the references section above for vendor advisories and patch information. Affected products include: Rubyonrails Rails, Opensuse Leap, Opensuse Opensuse, Suse Linux Enterprise Module For Containers, Debian Debian Linux.