CVE-2016-0752

HIGH KEV

Ruby on Rails Dynamic Render File Upload Remote Code Execution

Title source: metasploit

Description

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Exploits (4)

nomisec WORKING POC 10 stars

by forced-request · poc

https://github.com/forced-request/rails-rce-cve-2016-0752

View Code ZIP pw:eip

nomisec WORKING POC

by dachidahu · poc

https://github.com/dachidahu/CVE-2016-0752

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/40561

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by mr_me <[email protected]>, John Poulin (forced-request) · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_dynamic_render_code_exec.rb

View Code ZIP pw:eip

References (13)

[Permissions Required] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

[Permissions Required] http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0296.html

[Mailing List, Third Party Advisory] http://www.debian.org/security/2016/dsa-3464

[Exploit, Mailing List] http://www.openwall.com/lists/oss-security/2016/01/25/13

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/81801

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034816

[Broken Link] https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/40561/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752

Scores

CVSS v3 7.5

EPSS 0.9271

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

CISA KEV 2022-03-25

VulnCheck KEV 2019-12-17

InTheWild.io 2022-03-25

ENISA EUVD EUVD-2017-0333

Classification

CWE

CWE-22

Status draft

Affected Products (9)

rubyonrails/rails < 3.2.22.1

rubyonrails/rails

opensuse/leap

opensuse/opensuse

suse/linux_enterprise_module_for_containers

debian/debian_linux

redhat/software_collections

rubygems/actionview < 4.1.14.1RubyGems

rubygems/actionpack < 4.1.14.1RubyGems

Timeline

Published Feb 16, 2016

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026