Sid 1-51260

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Ruby on Rails render file directory traversal attempt

Rule Explanation

This event is generated when an attacker attempts to exploit a file disclosure vulnerability in Ruby on Rails. Impact: Web Application Attack Details: This rule checks for attempts to exploit a file disclosure vulnerability in Ruby on Rails. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2019-5418

Additional Links

packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

Rule Vulnerability

CVE Additional Information

CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
Details
Severity Base Score
Impact Score Exploit Score
Confidentiality Impact Integrity Impact
Availability Impact Access Vector
Authentication Ease of Access

Affected Systems