We must thank IT virtualization as it led us to cloud technology. Today's IT infrastructures are already running their mission critical business applications on virtual machines. Like the physical infrastructure, virtualization is also cursed with cyber security challenges. This article talks about a typical open source virtualization solution and depicts the steps to secure its.

    Vulnerabilities in Ruby-on-Rails Framework & How to prevent it:

    Ruby-on-rails—

    it’s modular, easy-to-read, and broadly supported by legions of loyal developers. Many of the world’s most trafficked websites have relied on Rails to deliver scalable and highly available web services. As per the CVE database:

  1. Arbitrary file existence disclosure in Sprockets
  2. CVE 2015-7819

    Available as Ruby Gem or Rails plugin, Sprockets is a dependency management and concatenation library for managing JavaScript files in a web applications. If exploited, this vulnerability can allow remote attackers to determine if a file exists in the system outside of the web root directory. This vulnerability affects all versions of Rails.

    Solutions: To address this vulnerability, you must set config.serve_static_assets = false in an initializer or apply the patch provided by Rails.

  3. Possible Denial of Service attack in Active Support
  4. CVE 2015-3327

    Active Support provides language extensions and utilities to the framework. Two components — jdom.rb and rexml.rb —are vulnerable when JDOM or REXML are enabled, allowing remote attackers to cause a denial of service (DoS) attack with a specially crafted XML file. This affects versions of Rails before 4.1.11and4.2.xbefore 4.2.2. 

    Solutions: Remediation involves updating or patching Rails to fix the two vulnerable components.

  5. IP whitelist bypass in Web Console
  6. CVE 2015-3324

    ARails environments with Web Console enabled are susceptible to spoofing via specially-crafted remote requests. This vulnerability impacts version2.1.3, as used with Rails3.xand4.x.

    Solutions: To address this vulnerability, you must upgrade or patch Rails to fix the Web Console's whitelisted ip’s protection mechanism.

  7. CSRF Vulnerability in jquery-ujs and jquery-rails
  8. CVE 2015-1840

    jquery-ujsandjquery-railsenables the use jQuery in Rails web applications. Vulnerable versions allow attackers to bypass CSP protections CSRF tokens to attacker domains. All versions of Rails that use jquery-ujs or jquery-rails are affected.

    Solutions: Applying the appropriate patches for jquery-ujs abd jquery-rails will effectively remediate this vulnerability.

  9. XSS Vulnerability in ActiveSupport::JSON.encode
  10. CVE 2015-3226

    This flaw is another Rails Active Support vulnerability, allowing for XSS attacks to be carried out byjson/encoding.rb.Impacted versions include Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2.

    Applying the appropriate patches will effectively remediate this vulnerability.

  11. Potential Denial of Service Vulnerability in Rack
  12. CVE 2015-3225

    Rack is a Ruby web server interface that enables the filtering of requests and responses to a Rails application. Specially crafted requests can trigger a SystemStackError and a subsequent DoS. This vulnerability impacts all versions.

    To fix this vulnerability, you must either upgrade or apply the appropriate patches.

  13. Arbitrary file existence disclosure in Action Pack
  14. CVE 2014-7829

    Action Pack consists of two major components: Action View and Action Controller. In this case, a directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb allows remote attackers to determine the existence of files outside the application root. Impacted versions include versions 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3

    To prevent this vulnerability from being exploited, you must apply the appropriate security patches or update your version of Rails.

Remediation:

Fixing the above vulnerabilities is crucial to bolstering your Rails web application's security posture. Our expertise in this matter enables us to be very accurate in terms of our vulnerability finding. At Valency Networks, we understand your web application and perform framework specific checks mentioned above. Our expertise in this matter enables us to be very accurate in terms of our vulnerability finding.

    Resources:

  1. https://www.upguard.com/articles
  2. https://en.wikipedia.org/wiki/Django_(web_framework)