Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)

Description

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

Remediation

References

Related Vulnerabilities

Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43770)

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13423)

Oracle Database Server Other Vulnerability (CVE-2005-3444)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.15)

Severity

Medium

Classification

CVE-2010-3299 CWE-311 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities