Added: 11/11/2016
CVE: CVE-2016-0752
BID: 81801
Ruby on Rails is a web application framework written in Ruby.
A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if an application endpoint uses dynamic render paths.
Upgrade to Ruby on Rails 3.2.22.1, 4.1.14.1, 4.2.5.1, or higher.
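To locate endpoints that use dynamic render paths in an application's own source, the following Ruby script is an added example, not part of the original advisory or of Rails. The list of render options it checks, the `find_dynamic_renders` name and the sample controller are assumptions constructed for illustration, and the match is a line-based heuristic.

```ruby
# Heuristic source audit for dynamic render paths (the CVE-2016-0752 pattern):
# flags `render` calls whose template argument is read directly from `params`.
# KEYS is an assumed list of render options that take a template path.
KEYS = "file|template|action|partial"
DYNAMIC_RENDER = /\brender\b\s*\(?\s*(?:(?::(?:#{KEYS})\s*=>|(?:#{KEYS}):)\s*)?params\s*(?:\[|\.)/

# Returns [line_number, stripped_line] pairs for every suspicious render call.
def find_dynamic_renders(source)
  hits = []
  source.each_line.with_index(1) do |line, no|
    next if line.strip.start_with?("#")          # skip whole-line comments
    hits << [no, line.strip] if line.match?(DYNAMIC_RENDER)
  end
  hits
end

# Constructed sample controller (not taken from any real application).
SAMPLE_CONTROLLER = <<~'RUBY'
  class ReportsController < ApplicationController
    def show
      render params[:template]
    end
    def export
      render file: params[:path]
    end
    def legacy
      render(:template => params[:view])
    end
    def index
      render :index
    end
    def api
      render json: params[:q]
    end
    def safe
      render ALLOWED.fetch(params[:id], "reports/default")
    end
  end
RUBY

# Lines 3, 6 and 9 are reported; the static, JSON and allowlisted renders are not.
find_dynamic_renders(SAMPLE_CONTROLLER).each { |no, line| puts "#{no}: #{line}" }
```

The `safe` action shows the shape of the fix for application code: user input selects a key in a fixed allowlist, and only the allowlisted value reaches `render`.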
<https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/>
Exploit works on Linux. The **wget** program must exist on the target. The URL path to an endpoint which uses dynamic render paths must be specified.
Linux