Vulnerability CVE-2019-5418


Published: 2019-03-27

Description:
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Rails 5.2.1 Arbitrary File Content Disclosure
NotoriousRebel
22.03.2019

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Debian linux 
Version: 8.0;
Vendor: Rubyonrails
Product: Rails 
Version:
5.2.2
5.2.1.1
5.2.1
5.2.0
5.1.6.1
5.1.6
5.1.5
5.1.4
5.1.3
5.1.2
5.1.1
5.1.0
5.0.7.1
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
5.0.1
5.0.0.1
5.0.0
4.2.9
4.2.8
4.2.7.1
4.2.7
4.2.6
4.2.5.2
4.2.5.1
4.2.5
4.2.4
4.2.3
4.2.2
4.2.11
4.2.10
4.2.1
4.2.0
4.1.9
4.1.8
4.1.7.1
4.1.7
4.1.6
4.1.5
4.1.4
4.1.3
4.1.2
4.1.16
4.1.15
4.1.14.2
4.1.14.1
4.1.14
4.1.13
4.1.12
4.1.11
4.1.10
4.1.1
4.1.0
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.13
4.0.12
4.0.11.1
4.0.11
4.0.10
4.0.1
4.0.0
3.2.9
3.2.8
3.2.7
3.2.6
3.2.5
3.2.4
3.2.3
3.2.22.5
3.2.22.4
3.2.22.3
3.2.22.2
3.2.22.1
3.2.22
3.2.21
3.2.20
3.2.2
3.2.19
3.2.18
3.2.17
3.2.16
3.2.15
3.2.14
3.2.13
3.2.12
3.2.11
3.2.10
See more versions on NVD
Vendor: Redhat
Product: Cloudforms 
Version: 4.7;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html
http://www.openwall.com/lists/oss-security/2019/03/22/1
https://access.redhat.com/errata/RHSA-2019:0796
https://access.redhat.com/errata/RHSA-2019:1147
https://access.redhat.com/errata/RHSA-2019:1149
https://access.redhat.com/errata/RHSA-2019:1289
https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q
https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
https://www.exploit-db.com/exploits/46585/

Related CVE
CVE-2019-14818
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me...
CVE-2014-8167
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2014-3592
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVE-2010-4664
In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.
CVE-2010-4661
udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.
CVE-2010-3857
JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.
CVE-2014-3599
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy

Copyright 2019, cxsecurity.com

 

Back to Top