CVE-2016-0752
Published: 16 February 2016
Summary
CVE-2016-0752 is a high-severity Path Traversal (CWE-22) vulnerability in Ruby on Rails. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 0.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2016-0752 is a directory traversal vulnerability in Action View in Ruby on Rails versions prior to 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1. The flaw, assigned CWE-22, permits an attacker to supply a pathname containing dot-dot sequences to the render method, resulting in disclosure of arbitrary files outside the intended view directory when an application invokes render without path restrictions.
Remote unauthenticated attackers can exploit the issue over the network by crafting requests that trigger the vulnerable render call, gaining read access to sensitive files on the server. The CVSS 3.1 score of 7.5 reflects high confidentiality impact and low attack complexity.
Fedora and openSUSE package announcements reference the availability of updated Rails packages that address the traversal flaw, indicating that administrators should apply the respective distribution updates to reach the fixed versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-0333
Vulnerability details
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
- CWE(s): CWE-22
- KEV Date Added: 25 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of pathnames supplied to render to reject dot-dot traversal sequences before file access occurs.
Mandates timely application of the Rails patches that close the unrestricted render path-traversal flaw.
Enforces that only explicitly authorized view files may be read, blocking the unauthorized file disclosure the CVE enables.
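One way to apply the input-validation and authorized-view controls above at the application layer, shown as an added example that is not code from Rails or from this page. The allowlist contents, the view root path, and the names `resolve_template`, `safe_template?` and `TemplateRejected` are assumptions made for illustration; the idea is that a request value only ever selects from a fixed set of templates, with a lexical containment check as a second barrier in case the allowlist itself is misconfigured.

```ruby
require "pathname"

# Constructed allowlist: the only templates this hypothetical controller may render.
ALLOWED_TEMPLATES = %w[dashboard/summary dashboard/detail reports/monthly].freeze

# Hypothetical view root, used only for the containment check (no file is opened).
VIEW_ROOT = Pathname.new("/srv/app/app/views")

class TemplateRejected < StandardError; end

# Map an untrusted request value to a template name that is safe to pass to render.
# Raises TemplateRejected instead of falling back to the caller-supplied string.
def resolve_template(untrusted, allowed: ALLOWED_TEMPLATES, root: VIEW_ROOT)
  name = untrusted.to_s
  raise TemplateRejected, "empty name or NUL byte" if name.empty? || name.include?("\0")

  # Primary control: exact match against the allowlist, no pattern matching.
  raise TemplateRejected, "template not allowlisted" unless allowed.include?(name)

  # Defence in depth: resolve ".." and absolute paths lexically and require the
  # result to stay under the view root, even if the allowlist entry is wrong.
  candidate = root.join(name).cleanpath.to_s
  prefix = root.cleanpath.to_s + File::SEPARATOR
  raise TemplateRejected, "path escapes view root" unless candidate.start_with?(prefix)

  name
end

# Boolean form, convenient for logging or returning a 404 on rejection.
def safe_template?(untrusted, **opts)
  resolve_template(untrusted, **opts)
  true
rescue TemplateRejected
  false
end

# Assumed controller usage (params[:view] is a hypothetical parameter name):
#   render template: resolve_template(params[:view])
```

This check complements upgrading to a fixed Rails version and does not replace it.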