http://news.techworld.com/applications/3449583/hackers-exploit-ruby-on-rails-vulnerability-to-compromise-servers-create-botnet/
By Lucian Constantin
Techworld.com
29 May 2013

Hackers are actively exploiting a critical vulnerability in the Ruby on
Rails Web application development framework in order to compromise Web
servers and create a botnet.

The Ruby on Rails development team released a security patch for the
vulnerability, which is known as CVE-2013-0156, back in January.
However, some server administrators haven't yet updated their Rails
installations.

Ruby on Rails is a popular framework for developing Web applications
based on the Ruby programming language and is used by websites including
Hulu, Groupon, GitHub and Scribd.

"It's pretty surprising that it's taken this long [for an exploit] to
surface in the wild, but less surprising that people are still running
vulnerable installations of Rails," said Jeff Jarmoc, a security
consultant with security research firm Matasano Security, Tuesday in a
blog post.
[...]