Vulnerability Details : CVE-2013-0156
Public exploit exists!
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Vulnerability category: Input validationExecute codeDenial of service
Threat overview for CVE-2013-0156
Top countries where our scanners detected CVE-2013-0156
Top open port discovered on systems with this issue
80
IPs affected by CVE-2013-0156 147
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-0156!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-0156
Probability of exploitation activity in the next 30 days: 97.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-0156
-
Ruby on Rails XML Processor YAML Deserialization Code Execution
Disclosure Date: 2013-01-07First seen: 2020-04-26exploit/multi/http/rails_xml_yaml_code_execThis module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in -
Ruby on Rails XML Processor YAML Deserialization Scanner
First seen: 2020-04-26auxiliary/scanner/http/rails_xml_yaml_scannerThis module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor. Authors: - hdm <x@hdm.io> - jjarmoc -
Ruby on Rails Known Secret Session Cookie Remote Code Execution
Disclosure Date: 2013-04-11First seen: 2020-04-26exploit/multi/http/rails_secret_deserializationThis module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/se
CVSS scores for CVE-2013-0156
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2013-0156
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0156
-
http://rhn.redhat.com/errata/RHSA-2013-0154.html
RHSA-2013:0154 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.insinuator.net/2013/01/rails-yaml/
Analysis of Rails XML Parameter Parsing Vulnerability – Insinuator.netThird Party Advisory
-
http://www.kb.cert.org/vuls/id/380039
VU#380039 - Ruby on Rails Action Pack framework insecurely typecasts YAML and Symbol XML parametersThird Party Advisory;US Government Resource
-
https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156
Serialization Mischief in Ruby Land (CVE-2013-0156)Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0155.html
Red Hat Customer PortalThird Party Advisory
-
https://puppet.com/security/cve/cve-2013-0156
CVE-2013-0156 | PuppetThird Party Advisory
-
http://www.kb.cert.org/vuls/id/628463
VU#628463 - Ruby on Rails 3.0 and 2.3 JSON Parser vulnerabilityThird Party Advisory;US Government Resource
-
http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
[SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! | Riding RailsVendor Advisory
-
http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
Access Denied | CISAThird Party Advisory;US Government Resource
-
https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain
Google GroepenThird Party Advisory
-
http://www.debian.org/security/2013/dsa-2604
Debian -- Security Information -- DSA-2604-1 railsThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0153.html
RHSA-2013:0153 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html
This page provides Security Information. - Fujitsu GlobalThird Party Advisory
Products affected by CVE-2013-0156
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*