Vulnerability Details : CVE-2016-2098
Public exploit exists!
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Vulnerability category: Input validation
Products affected by CVE-2016-2098
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
Threat overview for CVE-2016-2098
Top countries where our scanners detected CVE-2016-2098
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-2098 363
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-2098!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-2098
94.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-2098
-
Ruby on Rails ActionPack Inline ERB Code Execution
Disclosure Date: 2016-03-01First seen: 2020-04-26exploit/multi/http/rails_actionpack_inline_execThis module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE with
CVSS scores for CVE-2016-2098
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
7.3
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST |
CWE ids for CVE-2016-2098
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2098
-
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
-
http://www.securitytracker.com/id/1035122
Rails Bugs Let Remote Users View Files and Execute Arbitrary Code - SecurityTracker
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html
[security-announce] SUSE-SU-2016:0867-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html
[security-announce] openSUSE-SU-2016:0835-1: important: Security update
-
http://www.debian.org/security/2016/dsa-3509
Debian -- Security Information -- DSA-3509-1 rails
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
[security-announce] SUSE-SU-2016:1146-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html
[security-announce] SUSE-SU-2016:0967-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html
[security-announce] SUSE-SU-2016:0854-1: important: Security update for
-
https://www.exploit-db.com/exploits/40086/
Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)
-
http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
Rails 4.2.5.2, 4.1.14.2 and 3.2.22.2 have been released! | Riding RailsPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/83725
Ruby on Rails Action Pack CVE-2016-2098 Remote Code Execution Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html
[security-announce] openSUSE-SU-2016:0790-1: important: Security update
Jump to