Vulnerability Details : CVE-2016-0752
Public exploit exists!
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Vulnerability category: Directory traversal
Products affected by CVE-2016-0752
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*
Threat overview for CVE-2016-0752
Top countries where our scanners detected CVE-2016-0752
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-0752 302
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-0752!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
CVE-2016-0752 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Ruby on Rails Directory Traversal Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Added on
2022-03-25
Action due date
2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2016-0752
97.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-0752
-
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Disclosure Date: 2016-10-16First seen: 2020-04-26exploit/multi/http/rails_dynamic_render_code_execThis module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint
CVSS scores for CVE-2016-0752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | 2024-07-16 |
CWE ids for CVE-2016-0752
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0752
-
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ
Broken Link
-
http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html
openSUSE-SU-2016:0363-1: moderate: Security update for rubygem-actionpacMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
openSUSE-SU-2016:0372-1: moderate: Security update for rubygem-actionpacMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-0296.html
RHSA-2016:0296 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/01/25/13
oss-security - [CVE-2016-0752] Possible Information Leak Vulnerability in Action ViewExploit;Mailing List
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
[security-announce] SUSE-SU-2016:1146-1: important: Security update forMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1034816
Rails Multiple Bugs Let Remote Users Determine Passwords, Modify Records, Bypass Security Restrictions, Deny Service, and Conduct Cross-Site Scripting Attacks - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://www.debian.org/security/2016/dsa-3464
Debian -- Security Information -- DSA-3464-1 railsMailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html
[SECURITY] Fedora 22 Update: rubygem-actionview-4.2.0-3.fc22Permissions Required
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html
[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-3.fc23Permissions Required
-
http://www.securityfocus.com/bid/81801
Ruby on Rails Action View CVE-2016-0752 Directory Traversal VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/40561/
Ruby on Rails - Dynamic Render File Upload / Remote Code Execution (Metasploit)Exploit;Third Party Advisory;VDB Entry
Jump to