Test ID: 1.3.6.1.4.1.25623.1.0.901184
Category: Web application abuses
Title: Ruby on Rails CSRF Vulnerability
Summary: Ruby on Rails is prone to cross-site request forgery (CSRF) vulnerabilities.
Description:
Summary:
Ruby on Rails is prone to cross-site request forgery (CSRF) vulnerabilities.

Vulnerability Insight:
The flaw is caused by input validation errors in the CSRF protection feature,
which could allow attackers to conduct cross-site request forgery attacks by using
combinations of browser plugins and HTTP redirections.

Vulnerability Impact:
Successful exploitation will allow attackers to conduct cross-site request
forgery attacks by using combinations of browser plugins and HTTP redirections.

Affected Software/OS:
Ruby on Rails versions 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4.

Solution:
Upgrade to Ruby on Rails version 3.0.4 or 2.3.11.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerabilities and Exposures (CVE) ID: CVE-2011-0447
BugTraq ID: 46291
http://www.securityfocus.com/bid/46291
Debian Security Information: DSA-2247
http://www.debian.org/security/2011/dsa-2247
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
http://www.securitytracker.com/id?1025060
http://secunia.com/advisories/43274
http://secunia.com/advisories/43666
http://www.vupen.com/english/advisories/2011/0587
http://www.vupen.com/english/advisories/2011/0877
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.