Vulnerability Name: CVE-2016-2097 (CCN-111174)

Assigned: 2016-02-29
Published: 2016-02-29
Updated: 2019-08-08
Summary: Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Note: this vulnerability exists because of an incomplete fix for CVE-2016-0752.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-22
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2016-2097

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2016:0835

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0854

Source: SUSE
Type: UNKNOWN
SUSE-SU-2016:0967

Source: CCN
Type: RHSA-2016-0454
Important: ror40 security update

Source: CCN
Type: RHSA-2016-0455
Important: ruby193 security update

Source: CCN
Type: RHSA-2016-0456
Important: rh-ror41 security update

Source: CCN
Type: SECTRACK ID: 1035122
Rails Bugs Let Remote Users View Files and Execute Arbitrary Code

Source: CCN
Type: Ruby on Rails Web Site
Rails 4.2.5.2, 4.1.14.2 and 3.2.22.2 have been released!

Source: CONFIRM
Type: Patch, Vendor Advisory
http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

Source: DEBIAN
Type: UNKNOWN
DSA-3509

Source: CCN
Type: IBM Security Bulletin 1979720 (BigFix family)
Multiple vulnerabilities in RubyOnRails affects IBM BigFix Compliance Analytics. (CVE-2016-2097, CVE-2016-2098)

Source: CCN
Type: IBM Security Bulletin 1984666 (License Metric Tool)
Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)

Source: BID
Type: UNKNOWN
83726

Source: SECTRACK
Type: UNKNOWN
1035122

Source: XF
Type: UNKNOWN
rails-cve20162097-info-disc(111174)

Source: MLIST
Type: UNKNOWN
[ruby-security-ann] 20160229 [CVE-2016-0752] Possible Information Leak Vulnerability in Action View

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:* (Version <= 3.2.22.1)
  • OR cpe:/a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions (Class: V = vulnerability definition, P = patch definition)
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20162097 | V | CVE-2016-2097 | 2021-08-15
oval:org.opensuse.security:def:27562 | P | rubygem-rack-ssl on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26944 | P | libcgroup1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27708 | P | Security update for automake | 2020-12-01
oval:org.opensuse.security:def:27274 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27611 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:27008 | P | pango on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28346 | P | Security update for php53 (Important) | 2020-12-01
oval:org.opensuse.security:def:27358 | P | LibVNCServer-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26932 | P | krb5-doc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27650 | P | Security update for Mozilla NSS | 2020-12-01
oval:org.opensuse.security:def:27136 | P | gnome-screensaver on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28381 | P | Security update for rubygem-actionpack-3_2 (Important) | 2020-12-01
oval:org.opensuse.security:def:27509 | P | libyaml-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26933 | P | krb5-plugin-kdb-ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27664 | P | Security update for rubygem-actionpack-2_3 | 2020-12-01
oval:org.opensuse.security:def:27217 | P | libsoup-2_4-1 on GA media (Moderate) | 2020-12-01
oval:org.cisecurity:def:551 | P | DSA-3509-1 -- rails -- security update | 2016-07-01
oval:com.ubuntu.artful:def:20162097000 | V | CVE-2016-2097 on Ubuntu 17.10 (artful) - medium. | 2016-04-07
oval:com.ubuntu.disco:def:201620970000000 | V | CVE-2016-2097 on Ubuntu 19.04 (disco) - medium. | 2016-04-07
oval:com.ubuntu.trusty:def:20162097000 | V | CVE-2016-2097 on Ubuntu 14.04 LTS (trusty) - medium. | 2016-04-07
oval:com.ubuntu.cosmic:def:201620970000000 | V | CVE-2016-2097 on Ubuntu 18.10 (cosmic) - medium. | 2016-04-07
oval:com.ubuntu.bionic:def:20162097000 | V | CVE-2016-2097 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-04-07
oval:com.ubuntu.xenial:def:20162097000 | V | CVE-2016-2097 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-04-07
oval:com.ubuntu.bionic:def:201620970000000 | V | CVE-2016-2097 on Ubuntu 18.04 LTS (bionic) - medium. | 2016-04-07
oval:com.ubuntu.cosmic:def:20162097000 | V | CVE-2016-2097 on Ubuntu 18.10 (cosmic) - medium. | 2016-04-07
oval:com.ubuntu.xenial:def:201620970000000 | V | CVE-2016-2097 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-04-07
oval:com.ubuntu.precise:def:20162097000 | V | CVE-2016-2097 on Ubuntu 12.04 LTS (precise) - medium. | 2016-04-07