Watch out for the latest security patch to deal with authentication bypass for RoR

Transcript

  • 1. Watch out for the latest Security Patch to deal with authentication bypass for RoR

    Ruby on Rails framework developers have been continuously releasing security updates over the last two weeks. The recent updates, versions 3.0.20 and 2.3.16, address the remote code execution vulnerability. This was the third security patch released this month. The developers have mentioned that the updates released are extremely important, and have advised users of the 3.0.x and 2.3.x Rails framework to update as soon as possible.

    The security update fixes the vulnerability in the Rails JSON code, which allowed hackers to bypass the authentication system and inject arbitrary SQL into the application database. It could occasionally be used to perform a denial-of-service attack too. The Rails developers have also pointed out that they currently support only the 2.3.x, 3.1.x, and 3.2.x versions and might release an update for the 3.0.x version.

    The most recent vulnerability was identified as CVE-2013-0333, which was patched in the framework on 8th of Jan. Ruby on Rails developers using Rails 2.3 and 3.0 are also advised to install the new fixes even if they installed the fix for CVE-2013-0156 earlier.

    Brief Summary
    Affected Versions are: 2.3.x, 3.0.x
    Unaffected Versions are: 3.1.x, 3.2.x, and applications using yajl gem
    Fixed Versions are: 3.0.20, 2.3.16
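
The summary above can be turned into a check against a project's Gemfile.lock. This is an added example, not code from the slides or from the Rails project. It assumes the locked `activesupport` (or `rails`) entry reflects the running framework version and that the "yajl gem" is the one published as `yajl-ruby`; the sample lockfile is constructed.

```ruby
require "rubygems"

# Version lists taken from the brief summary above.
FIXED = { "2.3" => Gem::Version.new("2.3.16"),
          "3.0" => Gem::Version.new("3.0.20") }.freeze
UNAFFECTED = %w[3.1 3.2].freeze

# Resolved gems sit at exactly four spaces of indent in Gemfile.lock;
# their dependency lines (six spaces) and the DEPENDENCIES section are skipped.
def locked_versions(lock_text)
  lock_text.scan(/^ {4}([A-Za-z0-9_.-]+) \(([^)\s]+)\)$/).to_h
end

# Classify a lockfile against CVE-2013-0333 using only the lists above.
def cve_2013_0333_status(lock_text)
  gems = locked_versions(lock_text)
  raw = gems["activesupport"] || gems["rails"] # assumption: released in lockstep
  return :rails_not_found unless raw

  version = Gem::Version.new(raw)
  branch = version.segments.first(2).join(".")
  return :unaffected if UNAFFECTED.include?(branch)

  fixed = FIXED[branch]
  return :not_covered_by_summary unless fixed # branch not listed on the page
  return :patched if version >= fixed

  # Assumption: the yajl gem is "yajl-ruby". Its presence in the lockfile does
  # not prove it is the active JSON backend, so report it for manual review.
  gems.key?("yajl-ruby") ? :verify_yajl_backend : :vulnerable
end

# Constructed sample lockfile for a Rails 3.0.19 application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.0.19)
      rails (3.0.19)
        activesupport (= 3.0.19)

  DEPENDENCIES
    rails (= 3.0.19)
LOCK

puts cve_2013_0333_status(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

Pass the contents of a real lockfile with `cve_2013_0333_status(File.read("Gemfile.lock"))`; a `:verify_yajl_backend` result still needs the application's JSON backend confirmed by hand.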