Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG
Overview
Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin.
Ruby is widely used as a language for web development. Gem packages allow software engineers to reuse code across multiple development projects. As such, the discovery of a vulnerability in a gem may mean that many different systems are affected by that vulnerability.
Details
TALOS-2017-0449 (CVE-2017-12097) - delayed_job_web rails gem XSS vulnerability An exploitable XSS vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. The vulnerability can be used to phish users or steal cookies from connected users.
More details can be found in the vulnerability report:
TALOS-2017-0450 (CVE-2017-12098) - rails_admin rails gem XSS vulnerability This is an additional exploitable XSS vulnerability that exists in the filter functionality of the rails_admin rails gem version 1.2.0. In the same way at the above vulnerability, a specially crafted URL can be used to execute arbitrary javascript to phish users or steal cookies.
More details can be found in the vulnerability report:
Coverage
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 44380, 44381