Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Strike ID:
E19-0uvu1
CVSS:
7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
False Positive:
t
Variants:
2
Year:
2019

Description

The strikes replicates an attack on Ruby on Rails which leads to arbitrary file disclosure. The vulnerability resides in the lack of validation of the "Accept" header which is further parsed within the "template_renderer.rb" file in order to return the template file to be rendered. By exploiting this, a remote unauthenticated attacker may read arbitrary files on the host system.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-5418

References

https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91...