Ruby On Rails Known Secret Session Cookie Remote Code Execution
Data de publicação: 26 outubro 2016
Schweregrad: : Crítico
Descrição
This module implements Remote Command Execution on Ruby on Rails applications.
Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base"
(Rails 4). The values for those can be usually found in the default location. The module achieves RCE by deserialization of a crafted Ruby Object.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1005639