E19-0uvu1
CVSS:
7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
False Positive:
t
Variants:
4
Year:
2019
Description
This strike replicates an attack on Ruby on Rails that leads to arbitrary file disclosure. The vulnerability lies in the lack of validation of the Accept header, whose value is parsed by the template renderer (renderer.rb) to determine which template file to render. By exploiting this, a remote unauthenticated attacker can read arbitrary files on the host system.
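The check a practitioner would want for this strike is one that separates a legitimate Accept header from one carrying path material. The Ruby below is an added example written for this page, not Rails' own code: it parses the header against the RFC 7231 media-range grammar (type "/" subtype, token characters only, optional ";q=" parameters) and then negotiates a template format solely from a registered allowlist, so any value that could reach the filesystem as a path fragment is rejected before a renderer sees it. The REGISTERED table and the 406-on-nil convention are assumptions chosen for the example.

```ruby
# Added example (not from the original page): Accept header validation and
# allowlist-only format negotiation for a Rails-style template renderer.

# RFC 7231 token characters (tchar). Note that "/" , "{" and "}" are absent,
# so a value like "../../etc/passwd{{" cannot be a valid media range.
TCHAR = '!#$%&\'*+\-.^_`|~0-9A-Za-z'
TOKEN = /\A[#{TCHAR}]+\z/
MEDIA_RANGE = %r{\A(\*|[#{TCHAR}]+)/(\*|[#{TCHAR}]+)\z}

# Media types the application actually registers (assumption for the example).
# Only these may ever select a template file.
REGISTERED = {
  'text/html'        => :html,
  'application/json' => :json,
  'application/xml'  => :xml,
  '*/*'              => :html
}.freeze

# Parse an Accept header into [media_range, q] pairs.
# Raises ArgumentError on anything outside the RFC grammar instead of
# letting an unvalidated string flow onward.
def parse_accept(header)
  header.to_s.split(',').map do |entry|
    range, *params = entry.strip.split(';').map(&:strip)
    unless MEDIA_RANGE.match?(range.to_s)
      raise ArgumentError, "malformed media range: #{range.inspect}"
    end
    q = 1.0
    params.each do |param|
      key, value = param.split('=', 2)
      unless TOKEN.match?(key.to_s) && value
        raise ArgumentError, "malformed parameter: #{param.inspect}"
      end
      q = Float(value) if key == 'q'   # Float() raises on non-numeric q values
    end
    [range.downcase, q]
  end
end

# Pick the template format for a request. Only registered types are honoured;
# returns nil when nothing acceptable remains (caller answers 406 Not Acceptable).
# A malformed header is treated the same as an unacceptable one.
def negotiate_format(header)
  parse_accept(header)
    .reject { |_, q| q <= 0 }
    .sort_by { |_, q| -q }
    .each { |range, _| return REGISTERED[range] if REGISTERED.key?(range) }
  nil
rescue ArgumentError
  nil
end

# Detection side: true when the header cannot be a legitimate Accept value.
# This is the condition an IDS or WAF rule for this strike should alert on.
def suspicious_accept?(header)
  parse_accept(header)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample headers: two benign, one shaped like the attack traffic.
  samples = [
    'text/html, application/xml;q=0.9, */*;q=0.8',
    'application/json',
    '../../../../etc/passwd{{'
  ]
  samples.each do |h|
    puts format('%-48s suspicious=%-5s format=%s', h, suspicious_accept?(h), negotiate_format(h).inspect)
  end
end
```

The negotiator never derives a filename from the header: the header can only select one of the keys in REGISTERED, and the symbol that comes back is what the view lookup uses. That is the property the vulnerable renderer described above lacks.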
CVE
References
MSB
BID
ExploitDB
Secunia
Security Tracker
Metasploit
ZDI
OSVDB