Signature Detail
Short Name |
HTTP:MISC:RAILS-ROUTING |
|---|---|
Severity |
Low |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Rails Routing Vulnerability |
Release Date |
2006/08/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Rails Routing Vulnerability
This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.
Extended Description
Ruby on Rails is prone to a vulnerability in its routing functionality that may result in denial-of-service or data loss issues. Attackers may exploit this issue by issuing HTTP GET requests to predictable URIs to affected webservers. This issue affects Ruby on Rails versions 1.1.0, 1.1.1, 1.1.2, 1.1.4, and 1.1.5.
Affected Products
- Gentoo Linux
- Ruby on Rails 1.1.0
- Ruby on Rails 1.1.1
- Ruby on Rails 1.1.2
- Ruby on Rails 1.1.4
- Ruby on Rails 1.1.5
- SuSE SUSE Linux Enterprise SDK 10
- Ubuntu Ubuntu Linux 5.10.0 Amd64
- Ubuntu Ubuntu Linux 5.10.0 I386
- Ubuntu Ubuntu Linux 5.10.0 Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
References