CVE-2019-5418
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Tags | network, low complexity, rubyonrails, debian, redhat, opensuse, fedoraproject, nessus, exploit available, metasploit |
Summary
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
D2sec
name | Rails File Disclosure |
url | http://www.d2sec.com/exploits/rails_file_disclosure.html |
Exploit-Db
file | exploits/multiple/webapps/46585.py |
id | EDB-ID:46585 |
last seen | 2019-03-21 |
modified | 2019-03-21 |
platform | multiple |
port | |
published | 2019-03-21 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46585 |
title | Rails 5.2.1 - Arbitrary File Content Disclosure |
type | webapps |
Metasploit
description | This module uses a path traversal vulnerability in Ruby on Rails versions =< 5.2.2 to read files on a target server. |
id | MSF:AUXILIARY/GATHER/RAILS_DOUBLETAP_FILE_READ |
last seen | 2019-12-31 |
modified | 2019-04-21 |
published | 2019-03-28 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/rails_doubletap_file_read.rb |
title | Ruby On Rails File Content Disclosure ('doubletap') |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-1344.NASL |
description | This update for rubygem-actionpack-5_1 fixes the following issues : Security issues fixed : - CVE-2019-5418: Fixed a file content disclosure vulnerability in Action View which could be exploited via specially crafted accept headers in combination with calls to render file (bsc#1129272). - CVE-2019-5419: Fixed a resource exhaustion issue in Action View which could make the server unable to process requests (bsc#1129271). This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 124709 |
published | 2019-05-09 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124709 |
title | openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2019-1344) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2019-0796.NASL |
description | An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Security Fix(es) : * rubygem-actionpack: render file directory traversal in Action View (CVE-2019-5418) * rubygem-actionpack: denial of service vulnerability in Action View (CVE-2019-5419) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127087 |
published | 2019-07-26 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127087 |
title | RHEL 7 : CloudForms (RHSA-2019:0796) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2019-1CFE24DB5C.NASL |
description | Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 124724 |
published | 2019-05-10 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124724 |
title | Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_1396A74A499711E9B5F183EDB3F89BA1.NASL |
description | Ruby on Rails blog : Rails 4.2.11.1, 5.0.7.2, 5.1.6.2, 5.2.2.1, and 6.0.0.beta3 have been released! These contain the following important security fixes. It is recommended that users upgrade as soon as possible : CVE-2019-5418 File Content Disclosure in Action View CVE-2019-5419 Denial of Service Vulnerability in Action View |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 122936 |
published | 2019-03-19 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122936 |
title | FreeBSD : Rails -- Action View vulnerabilities (1396a74a-4997-11e9-b5f1-83edb3f89ba1) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1739.NASL |
description | John Hawthorn of Github discovered a file content disclosure vulnerability in Rails, a ruby based web application framework. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. This vulnerability could also be exploited for a denial of service attack. For Debian 8 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123526 |
published | 2019-04-01 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123526 |
title | Debian DLA-1739-1 : rails security update |
Packetstorm
data source | https://packetstormsecurity.com/files/download/152178/rails521-disclose.txt |
id | PACKETSTORM:152178 |
last seen | 2019-03-22 |
published | 2019-03-21 |
reporter | NotoriousRebel |
source | https://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html |
title | Rails 5.2.1 Arbitrary File Content Disclosure |
References
- https://www.exploit-db.com/exploits/46585/
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
- http://www.openwall.com/lists/oss-security/2019/03/22/1
- http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
- https://access.redhat.com/errata/RHSA-2019:0796
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
- https://access.redhat.com/errata/RHSA-2019:1149
- https://access.redhat.com/errata/RHSA-2019:1147
- https://access.redhat.com/errata/RHSA-2019:1289
- https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/