BDU:2019-01506

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.5high3.x

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x

7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

Уязвимость компонента Action View программной платформы Ruby on Rails связана с ошибками обработки HTTP-заголовков Accept при использовании в коде обработчика «render file». Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, читать произвольные файлы

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2019-5418

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5418

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

https://access.redhat.com/security/cve/cve-2019-5418

https://www.opennet.ru/opennews/art.shtml?num=50321

https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

Recommendations

Source: bdu

Использование рекомендации:
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

Для продуктов Debian:
https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186

Для OpenSUSE:
https://www.suse.com/security/cve/CVE-2019-5418/

URL: https://bdu.fstec.ru/vul/2019-01506

Vulnerable Software (20)

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "4.2.11.1"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "6.0.0.beta3"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "5.2.2.1"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "5.1.6.2"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: astra 1.6

Trait:

{  "version_end_excluding": "5.0.7.1"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: opensuse leap 15.0

Trait:

{  "version_end_excluding": "4.2.11.1"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: opensuse leap 15.0

Trait:

{  "version_end_excluding": "6.0.0.beta3"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: opensuse leap 15.0

Trait:

{  "version_end_excluding": "5.2.2.1"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: opensuse leap 15.0

Trait:

{  "version_end_excluding": "5.1.6.2"}

Source: bdu

Type: Configuration

Vendor: rails core team

Product: ruby on rails

Operating System: opensuse leap 15.0

Trait:

{  "version_end_excluding": "5.0.7.1"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2019-01506

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Reference Links

Recommendations

Vulnerable Software (20)