[Infographic] 7 Ways to Hack Ruby on Rails and Prevention Tips

Posted by UpGuard

Ruby on Rails—it’s modular, expressive, and broadly supported by legions of loyal developers. From Twitter to Groupon, many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. But as GitHub discovered a few years back, the framework is not without its security flaws—65 to date, per the CVE database. Here are the top seven and how to remediate them and/or prevent them from being exploited.

7. Arbitrary file existence disclosure in Sprockets
CVE 2015-7819

Available as a Ruby gem or Rails plugin, Sprockets is a dependency management and concatenation library for managing JavaScript files in web applications. If exploited, this vulnerability allows remote attackers to determine whether a file exists on the system outside the web root directory. This vulnerability affects all versions of Rails.

To address this vulnerability, set config.serve_static_assets = false in an initializer or apply the patch provided by Rails.

6. Possible Denial of Service attack in Active Support
CVE 2015-3227

Active Support provides language extensions and utilities to the framework. Two components, jdom.rb and rexml.rb, are vulnerable when JDOM or REXML is enabled, allowing remote attackers to cause a denial of service (DoS) with a specially crafted XML file. This affects versions of Rails before 4.1.11 and 4.2.x before 4.2.2.

Remediation involves updating or patching Rails to fix the two vulnerable components.

5. IP whitelist bypass in Web Console
CVE 2015-3224

Rails environments with Web Console enabled are susceptible to IP spoofing via specially crafted remote requests. This vulnerability impacts Web Console version 2.1.3, as used with Rails 3.x and 4.x.

To address this vulnerability, upgrade or patch Web Console to fix its whitelisted_ips protection mechanism.

4. CSRF Vulnerability in jquery-ujs and jquery-rails
CVE 2015-1840

jquery-ujs and jquery-rails enable the use of jQuery in Rails web applications. Vulnerable versions allow attackers to bypass CSP protections and leak CSRF tokens to attacker domains. All versions of Rails that use jquery-ujs or jquery-rails are affected.

Applying the appropriate patches for jquery-ujs and jquery-rails will effectively remediate this vulnerability.

3. XSS Vulnerability in ActiveSupport::JSON.encode
CVE 2015-3226

This flaw is another Rails ActiveSupport vulnerability: json/encoding.rb allows XSS attacks to be carried out. Impacted versions include Ruby on Rails 3.x, 4.1.x before 4.1.11 and 4.2.x before 4.2.2.

Applying the appropriate patches will effectively remediate this vulnerability.

2. Potential Denial of Service Vulnerability in Rack
CVE 2015-3225

Rack is a Ruby web server interface that enables the filtering of requests and responses to a Rails application. Specially crafted requests can trigger a SystemStackError and a subsequent DoS. This vulnerability impacts all versions.

To fix this vulnerability, you must either upgrade or apply the appropriate patches.

1. Arbitrary file existence disclosure in Action Pack
CVE 2014-7829

Action Pack consists of two major components: Action View and Action Controller. In this case, a directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb allows remote attackers to determine the existence of files outside the application root. Impacted versions include 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3.

To prevent this vulnerability from being exploited, apply the appropriate security patches or update your version of Rails.
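Added example (not UpGuard's code or part of the original post): a small Ruby checker that reads a Gemfile.lock and flags gem versions inside the affected ranges the post gives for items 6, 5, 3 and 1 above. The ranges are transcribed from the post's text as stated, and the lockfile is a constructed sample.

```ruby
require "rubygems"

# Affected ranges transcribed from the post's text, as Gem::Requirement strings.
# Version edges are as the post states them; check the advisories for the exact ones.
AFFECTED = {
  "rails" => [
    ["CVE-2015-3227", ["< 4.1.11"]], ["CVE-2015-3227", [">= 4.2.0", "< 4.2.2"]],
    ["CVE-2015-3226", [">= 3.0", "< 4.0"]], ["CVE-2015-3226", [">= 4.1.0", "< 4.1.11"]],
    ["CVE-2015-3226", [">= 4.2.0", "< 4.2.2"]],
  ],
  "web-console" => [["CVE-2015-3224", ["= 2.1.3"]]],
  "actionpack" => [
    ["CVE-2014-7829", [">= 3.0", "< 3.2.20"]], ["CVE-2014-7829", [">= 4.0.0", "< 4.0.11"]],
    ["CVE-2014-7829", [">= 4.1.0", "< 4.1.7"]], ["CVE-2014-7829", [">= 4.2.0.beta1", "< 4.2.0.beta3"]],
  ],
}

# Pull top-level specs ("    name (version)", four-space indent) out of a Gemfile.lock;
# the six-space dependency lines do not match, and any platform suffix is dropped.
def lock_versions(lock_text)
  lock_text.each_line.each_with_object({}) do |line, versions|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = Gem::Version.new(m[2].split("-", 2).first) if m
  end
end

# Return [[gem, version, cve], ...] for every locked gem inside an affected range.
# Gem::Version handles prerelease ordering (4.2.0.beta2 < 4.2.0.beta3 < 4.2.0).
def vulnerable_gems(lock_text)
  lock_versions(lock_text).flat_map do |name, version|
    AFFECTED.fetch(name, []).select { |_, reqs| Gem::Requirement.new(*reqs).satisfied_by?(version) }
            .map { |cve, _| [name, version.to_s, cve] }
  end.uniq
end

# Constructed sample lockfile: rails 4.1.10 and web-console 2.1.3 fall inside the
# ranges above; actionpack 4.1.10 is past the 4.1.7 edge for CVE-2014-7829.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.1.10)
        activesupport (= 4.1.10)
      activesupport (4.1.10)
      rails (4.1.10)
        actionpack (= 4.1.10)
      web-console (2.1.3)
LOCK

vulnerable_gems(SAMPLE_LOCK).each { |name, ver, cve| puts "#{name} #{ver}: #{cve}" }
```

Point it at a real lockfile with `vulnerable_gems(File.read("Gemfile.lock"))`; an empty result only means the locked versions are outside the ranges listed here, not that the application is patched.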

Remediation

Fixing the above vulnerabilities is crucial to bolstering your Rails web application's security posture. UpGuard provides a way for you to do this easily and automatically with a few mouse clicks. Our powerful policy engine can validate secure configurations for all environments, infrastructures, and application stacks. In this case, a simple security policy can be run to check for any of the above vulnerabilities—as well as new vulnerabilities not yet added to policy. Our OVAL-backed vulnerability detection and monitoring suite ensures that all the applications in your environment are free of vulnerabilities and security gaps.

Source(s):

http://www.cvedetails.com/
