CVE-2019-5418

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, rubyonrails, debian, redhat, opensuse, fedoraproject, nessus, exploit available, metasploit

Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Vulnerable Configurations

Part         Description    Count
Application  Rubyonrails    286
Application  Redhat         3
OS           Debian         1
OS           Opensuse       1
OS           Fedoraproject  1

Exploit-Db

file: exploits/multiple/webapps/46585.py
id: EDB-ID:46585
last seen: 2019-03-21
modified: 2019-03-21
platform: multiple
port:
published: 2019-03-21
reporter: Exploit-DB
source: https://www.exploit-db.com/download/46585
title: Rails 5.2.1 - Arbitrary File Content Disclosure
type: webapps

Metasploit

description: This module uses a path traversal vulnerability in Ruby on Rails versions =< 5.2.2 to read files on a target server.
id: MSF:AUXILIARY/GATHER/RAILS_DOUBLETAP_FILE_READ
last seen: 2019-12-31
modified: 2019-04-21
published: 2019-03-28
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/rails_doubletap_file_read.rb
title: Ruby On Rails File Content Disclosure ('doubletap')

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1344.NASL
    description: This update for rubygem-actionpack-5_1 fixes the following issues: Security issues fixed: - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272). - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124709
    published: 2019-05-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124709
    title: openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0796.NASL
    description: An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es): * rubygem-actionpack: render file directory traversal in Action View (CVE-2019-5418) * rubygem-actionpack: denial of service vulnerability in Action View (CVE-2019-5419) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127087
    published: 2019-07-26
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127087
    title: RHEL 7 : CloudForms (RHSA-2019:0796)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-1CFE24DB5C.NASL
    description: Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124724
    published: 2019-05-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124724
    title: Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_1396A74A499711E9B5F183EDB3F89BA1.NASL
    description: Ruby on Rails blog: Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible: CVE-2019-5418 File Content Disclosure in Action View; CVE-2019-5419 Denial of Service Vulnerability in Action View
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122936
    published: 2019-03-19
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122936
    title: FreeBSD : Rails -- Action View vulnerabilities (1396a74a-4997-11e9-b5f1-83edb3f89ba1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1739.NASL
    description: John Hawthorn of GitHub discovered a file content disclosure vulnerability in Rails, a Ruby-based web application framework. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. This vulnerability could also be exploited for a denial of service attack. For Debian 8
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123526
    published: 2019-04-01
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123526
    title: Debian DLA-1739-1 : rails security update

Packetstorm

data source: https://packetstormsecurity.com/files/download/152178/rails521-disclose.txt
id: PACKETSTORM:152178
last seen: 2019-03-22
published: 2019-03-21
reporter: NotoriousRebel
source: https://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
title: Rails 5.2.1 Arbitrary File Content Disclosure

Redhat

advisories
  • rhsa
    id: RHSA-2019:0796
  • rhsa
    id: RHSA-2019:1147
  • rhsa
    id: RHSA-2019:1149
  • rhsa
    id: RHSA-2019:1289
rpms
  • ansible-tower-0:3.4.3-1.el7at
  • ansible-tower-server-0:3.4.3-1.el7at
  • ansible-tower-setup-0:3.4.3-1.el7at
  • ansible-tower-ui-0:3.4.3-1.el7at
  • ansible-tower-venv-ansible-0:3.4.3-1.el7at
  • ansible-tower-venv-tower-0:3.4.3-1.el7at
  • cfme-0:5.10.3.3-1.el7cf
  • cfme-amazon-smartstate-0:5.10.3.3-1.el7cf
  • cfme-appliance-0:5.10.3.3-1.el7cf
  • cfme-appliance-common-0:5.10.3.3-1.el7cf
  • cfme-appliance-debuginfo-0:5.10.3.3-1.el7cf
  • cfme-appliance-tools-0:5.10.3.3-1.el7cf
  • cfme-debuginfo-0:5.10.3.3-1.el7cf
  • cfme-gemset-0:5.10.3.3-1.el7cf
  • cfme-gemset-debuginfo-0:5.10.3.3-1.el7cf
  • rh-ror50-rubygem-actionpack-1:5.0.1-2.el6
  • rh-ror50-rubygem-actionpack-1:5.0.1-2.el7
  • rh-ror50-rubygem-actionpack-doc-1:5.0.1-2.el6
  • rh-ror50-rubygem-actionpack-doc-1:5.0.1-2.el7
  • rh-ror42-rubygem-actionpack-1:4.2.6-5.el6
  • rh-ror42-rubygem-actionpack-1:4.2.6-5.el7
  • rh-ror42-rubygem-actionpack-doc-1:4.2.6-5.el6
  • rh-ror42-rubygem-actionpack-doc-1:4.2.6-5.el7
  • cfme-0:5.9.9.3-1.el7cf
  • cfme-amazon-smartstate-0:5.9.9.3-1.el7cf
  • cfme-appliance-0:5.9.9.3-1.el7cf
  • cfme-appliance-common-0:5.9.9.3-1.el7cf
  • cfme-appliance-debuginfo-0:5.9.9.3-1.el7cf
  • cfme-appliance-tools-0:5.9.9.3-1.el7cf
  • cfme-debuginfo-0:5.9.9.3-1.el7cf
  • cfme-gemset-0:5.9.9.3-1.el7cf
  • cfme-gemset-debuginfo-0:5.9.9.3-1.el7cf

References