Wednesday, January 10, 2018

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG

Overview
Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin.

Ruby is widely used as a language for web development. Gem packages allow software engineers to reuse code across multiple development projects. As such, the discovery of a vulnerability in a gem may mean that many different systems are affected by that vulnerability.

Details

TALOS-2017-0449 (CVE-2017-12097) - delayed_job_web rails gem XSS vulnerability

An exploitable XSS vulnerability exists in the filter functionality of the delayed_job_web Rails gem version 1.4. A specially crafted URL can trigger the flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. The vulnerability can be used to phish users or to steal the cookies of connected users.

More details can be found in the vulnerability report:

TALOS-2017-0449

TALOS-2017-0450 (CVE-2017-12098) - rails_admin rails gem XSS vulnerability

This is an additional exploitable XSS vulnerability that exists in the filter functionality of the rails_admin Rails gem version 1.2.0. In the same way as the vulnerability above, a specially crafted URL can be used to execute arbitrary JavaScript in order to phish users or steal cookies.
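Both advisories describe the same bug class: a filter value taken from the request URL is reflected into the page without HTML escaping. The following Ruby snippet is an added illustration of that class, not code from delayed_job_web, rails_admin or the Talos reports; the helper names, the template fragment and the sample payload are all constructed for this example. It places the unescaped pattern beside the hardened one so the difference can be checked directly.

```ruby
require "erb"

# Constructed sample of a filter parameter as it might arrive from a crafted
# URL (illustrative only; not a value taken from the advisories).
CONSTRUCTED_FILTER = %q{job"><script>alert(1)</script>}

# Vulnerable pattern: the raw request value is interpolated into the HTML,
# so markup inside it is parsed and executed by the victim's browser.
def render_filter_unsafe(filter)
  "<input name=\"filter\" value=\"#{filter}\">"
end

# Hardened pattern: escape the value before it reaches the markup.
# ERB::Util.html_escape converts & < > " ' into entities. Rails' ActionView
# applies the same escaping to <%= %> output unless html_safe/raw is used,
# which is why bypassing that default is the usual root cause.
def render_filter_safe(filter)
  "<input name=\"filter\" value=\"#{ERB::Util.html_escape(filter)}\">"
end

# Reviewer check: a rendered fragment must never contain the raw tag.
def reflects_script?(html)
  html.include?("<script>")
end

if __FILE__ == $0
  puts render_filter_unsafe(CONSTRUCTED_FILTER)
  puts render_filter_safe(CONSTRUCTED_FILTER)
end
```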

More details can be found in the vulnerability report:

TALOS-2017-0450

Coverage
The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rules: 44380, 44381
