REDHAT-BUG-544329: CSRF
First published: Fri Dec 04 2009(Updated: )
A possibility to circumvent protection against cross-site request forgery (CSRF) attacks was found in Ruby on Rails. Quoting upstream security advisory for exact details: There is a bug in all 2.1.x versions of Ruby on Rails which affects the effectiveness of the CSRF protection given by protect_from_forgery. By design rails does not perform token verification on requests with certain content types not typically generated by browsers. Unfortunately this list also included ‘text/plain’ which can be generated by browsers. Requests can be crafted which will circumvent the CSRF protection entirely. Rails does not parse the parameters provided with these requests, but that may not be enough to protect your application. References: ----------- <a href="http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html">http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html</a> <a href="http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1">http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1</a> Upstream patch: --------------- <a href="http://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a">http://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a</a> CVE Request: ------------ <a href="http://www.openwall.com/lists/oss-security/2009/11/28/1">http://www.openwall.com/lists/oss-security/2009/11/28/1</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruby on Rails | >=2.1.0<=2.1.x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
- http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
- http://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a
- http://www.openwall.com/lists/oss-security/2009/11/28/1
- https://rails.lighthouseapp.com/projects/8994/tickets/1145-bug-invalidauthenticitytoken-incorrectly-raised-for-xml-controllerdestroy-request
- http://github.com/rails/rails/commit/f1ad8b48aae3ee26613b3e77bc0056e120096846
- http://admin.fedoraproject.org/updates/rubygem-actionpack-2.1.1-5.fc10
- http://admin.fedoraproject.org/updates/rubygem-actionpack-2.1.1-5.el5
- https://access.redhat.com/security/cve/CVE-2008-7248
- https://bugzilla.redhat.com/show_bug.cgi?id=544329
Frequently Asked Questions
What is the severity of REDHAT-BUG-544329?
REDHAT-BUG-544329 is classified as a medium severity vulnerability due to its potential to weaken CSRF protection.
How do I fix REDHAT-BUG-544329?
To fix REDHAT-BUG-544329, upgrade Ruby on Rails to a version greater than 2.1.x that addresses this CSRF protection issue.
Which versions of Ruby on Rails are affected by REDHAT-BUG-544329?
All versions of Ruby on Rails from 2.1.0 to 2.1.x are affected by REDHAT-BUG-544329.
What kind of attack is REDHAT-BUG-544329 associated with?
REDHAT-BUG-544329 is associated with cross-site request forgery (CSRF) attacks.
What should I do if I cannot upgrade due to REDHAT-BUG-544329?
If upgrading is not an option due to REDHAT-BUG-544329, consider implementing additional security measures to mitigate CSRF risks.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-7248
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ruby on rails
- canonical/ruby on rails