A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint …
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
https://cwe.mitre.org/data/definitions/150.html →Open in CWE collection →The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.
https://cwe.mitre.org/data/definitions/179.html →Open in CWE collection →Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading "ghost" characters (extra characters that don't affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.
https://capec.mitre.org/data/definitions/3.html →Open in CAPEC collection →This type of attack involves an attacker leveraging meta-characters in email headers to inject improper behavior into email programs. Email software has become increasingly sophisticated and feature-rich. In addition, email applications are ubiquitous and connected directly to the Web making them ideal targets to launch and propagate attacks. As the user demand for new functionality in email applications grows, they become more like browsers with complex rendering and plug in routines. As more email functionality is included and abstracted from the user, this creates opportunities for attackers. Virtually all email applications do not list email header information by default, however the email header contains valuable attacker vectors for the attacker to exploit particularly if the behavior of the email client application is known. Meta-characters are hidden from the user, but can contain scripts, enumerations, probes, and other attacks against the user's system.
https://capec.mitre.org/data/definitions/41.html →Open in CAPEC collection →An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
https://capec.mitre.org/data/definitions/43.html →Open in CAPEC collection →An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
https://capec.mitre.org/data/definitions/71.html →Open in CAPEC collection →Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
https://capec.mitre.org/data/definitions/81.html →Open in CAPEC collection →This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.
https://capec.mitre.org/data/definitions/93.html →Open in CAPEC collection →An adversary manipulates the headers and content of an email message by injecting data via the use of delimiter characters native to the protocol.
https://capec.mitre.org/data/definitions/134.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| pcs | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| ruby-rack | Tracked | |
| rubygem-rack | Tracked | |
| debian_linux | * | Tracked |
| rack | * | Tracked |