Ruby HTTParty CVE-2013-1801 Parameter Parsing Vulnerability
BID:58260
Info
| Bugtraq ID: | 58260 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1801 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2013 12:00AM |
| Updated: | Apr 11 2013 11:18AM |
| Credit: | Ben Murphy, Magnus Holm, Felix Wilhelm, Darcy Laycock, Jonathan Rudenberg, Bryan Helmkamp, Benoist Claassen and Charlie Somerville |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
HTTParty is prone to a parameter parsing vulnerability.
An attacker can exploit this vulnerability to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.
HTTParty versions 0.9.0 and prior are affected.
Exploit / POC
An attacker can exploit this issue using a web browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References: