SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Ruby on Rails log file manipulation attempt
This event is generated when an attacker attempts to exploit a file inclusion vulnerability present in Ruby on Rails by manipulating the development.log file.
Attempted User Privilege Gain
Rule checks for an attempt to exploit a file inclusion vulnerability found in Ruby on Rails.
Ease of Attack:
Simple; Metasploit modules available
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2016-0752Directory traversal vulnerability in Action View in Ruby on Rails before 220.127.116.11, 4.0.x and 4.1.x before 18.104.22.168, 4.2.x before 22.214.171.124, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
||Ease of Access||