CVE-2016-2098

HIGH

Debian Linux < 3.2.22.1 - Improper Input Validation

Title source: rule

Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Exploits (15)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · ruby
https://www.exploit-db.com/exploits/40086
nomisec WORKING POC 16 stars
by 0x00-0x00 · poc
https://github.com/0x00-0x00/CVE-2016-2098
nomisec WRITEUP 4 stars
by j4k0m · poc
https://github.com/j4k0m/CVE-2016-2098
nomisec WORKING POC 3 stars
by hderms · poc
https://github.com/hderms/dh-CVE_2016_2098
nomisec WORKING POC 2 stars
by Shakun8 · poc
https://github.com/Shakun8/CVE-2016-2098
nomisec WORKING POC 2 stars
by DanielHemmati · poc
https://github.com/DanielHemmati/CVE-2016-2098-my-first-exploit
nomisec WORKING POC 1 star
by its-arun · poc
https://github.com/its-arun/CVE-2016-2098
nomisec WORKING POC 1 star
by Alejandro-MartinG · poc
https://github.com/Alejandro-MartinG/rails-PoC-CVE-2016-2098
nomisec WORKING POC 1 star
by CyberDefenseInstitute · poc
https://github.com/CyberDefenseInstitute/PoC_CVE-2016-2098_Rails42
gitlab WORKING POC
by fuxsocy.py · poc
https://gitlab.com/fuxsocy.py/cve-2016-2098
nomisec WORKING POC
by sealldeveloper · poc
https://github.com/sealldeveloper/CVE-2016-2098-PoC
nomisec WORKING POC
by JoseLRC97 · poc
https://github.com/JoseLRC97/Ruby-on-Rails-ActionPack-Inline-ERB-Remote-Code-Execution
nomisec WORKING POC
by Debalinax64 · poc
https://github.com/Debalinax64/CVE-2016-2098
nomisec WORKING POC
by 3rg1s · poc
https://github.com/3rg1s/CVE-2016-2098
metasploit WORKING POC EXCELLENT
ruby · poc · ruby
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_actionpack_inline_exec.rb

Scores

CVSS v3 7.3
EPSS 0.8743
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-20
Status published
Products (28)
debian/debian_linux 8.0
rubygems/actionpack 3.0.0 - 3.2.22.2 (RubyGems)
rubyonrails/rails 4.0.0 (4 CPE variants)
rubyonrails/rails 4.0.1 (5 CPE variants)
rubyonrails/rails 4.0.2
rubyonrails/rails 4.0.3
rubyonrails/rails 4.0.4 (2 CPE variants)
rubyonrails/rails 4.0.5
rubyonrails/rails 4.0.6 (4 CPE variants)
rubyonrails/rails 4.0.7
... and 18 more
Published Apr 07, 2016
Tracked Since Feb 18, 2026