Description

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Remediation

References

CVE-2011-0449

Related Vulnerabilities

Sqlite Out-of-bounds Read Vulnerability (CVE-2019-8457)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27131)

WordPress Plugin Knight Lab Timeline Cross-Site Scripting (3.6.6)

MySQL CVE-2013-3801 Vulnerability (CVE-2013-3801)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.20)

Severity

High

Classification

CVE-2011-0449 CWE-264

Tags

Missing Update Known Vulnerabilities