Ruby on Rails 3.2.7 Fixes Denial of Service Threat

The new Ruby on Rails release, version 3.2.7, fixes CVE-2012-3424, a worrisome security vulnerability that exposes Web applications using RoR’s HTTP digest authentication to denial of service attacks.

Says H-Online:

The issue affects systems using the Action Pack digest authentication, typified by the use of the “with_http_digest” controller helper methods such as authenticate_or_request_with_http_digest. There are, according to the advisory, no workarounds for the issue which also affects Rails 3.0 and 3.1. The developers recommend that users upgrade immediately.

Details on the fix, along with code samples, are posted on the Ruby on Rails Google Group.
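To make the class of bug concrete, here is an added example; it is not Rails code and not the patch referenced above. The 3.2.7 fix for CVE-2012-3424 stopped converting the fields of the client-supplied Digest header into Ruby symbols, which on the Ruby versions of the time were never garbage-collected, so every distinct field name a client chose to send consumed process memory permanently. The example below assumes nothing from Rails: the parser, the names parse_digest_credentials, parse_digest_credentials_interning and symbols_created_by, and both sample headers are constructed here. It parses the key=value fields of an Authorization: Digest header into a String-keyed Hash (the safe shape), contrasts that with a variant that interns the keys, and shows how to measure whether a parser interns untrusted input at all, which is the check a defender would run against any header or parameter parser.

```ruby
# Added example (not Rails code): parse the fields of an HTTP Digest
# "Authorization" header into a Hash keyed by String, and measure whether a
# parser interns untrusted input as Symbols.

# Safe parser: keys stay Strings, which the garbage collector reclaims.
# Handles both quoted values (username="alice") and bare tokens (qop=auth).
def parse_digest_credentials(header)
  return {} unless header.is_a?(String) && header =~ /\ADigest\s+/i
  fields = {}
  header.sub(/\ADigest\s+/i, "").scan(/(\w+)=("(?:[^"\\]|\\.)*"|[^,\s]+)/) do |key, raw|
    value = raw.start_with?('"') ? raw[1..-2].gsub(/\\(.)/, '\1') : raw
    fields[key] = value # String key: nothing attacker-chosen is interned
  end
  fields
end

# Unsafe variant, kept only for contrast: every field name the client sends
# becomes a Symbol. In Ruby before 2.2 symbols were never freed, so each
# distinct name costs memory for the life of the process.
def parse_digest_credentials_interning(header)
  parse_digest_credentials(header).transform_keys(&:to_sym)
end

# Count how many Symbols the given parser creates for one header. The parse
# result is held until after the count so that, on newer Rubies, the new
# symbols cannot be collected before they are counted.
def symbols_created_by(header)
  GC.start
  before = Symbol.all_symbols.size
  result = yield(header)
  created = Symbol.all_symbols.size - before
  result.clear
  created
end

# Constructed sample headers: a normal client, and one carrying many made-up
# field names of the kind a parser should simply store (or ignore) as Strings.
NORMAL_HEADER = 'Digest username="alice", realm="app", nonce="abc123", ' \
                'uri="/protected", qop=auth, nc=00000001, response="0123abcd"'
MANY_FIELDS_HEADER = "Digest " +
                     (0...50).map { |i| "x#{i}_#{rand(10**9)}=\"v\"" }.join(", ")

if __FILE__ == $0
  p parse_digest_credentials(NORMAL_HEADER)
  safe = symbols_created_by(MANY_FIELDS_HEADER) { |h| parse_digest_credentials(h) }
  unsafe = symbols_created_by(MANY_FIELDS_HEADER) { |h| parse_digest_credentials_interning(h) }
  puts "String-keyed parser created #{safe} symbols; interning parser created #{unsafe}"
end
```

Run it as a script and the String-keyed parser reports zero new symbols while the interning variant reports one per field name; the same symbols_created_by probe can be wrapped around any header, cookie or parameter parser in an application to confirm it does not call to_sym (or use symbol-keyed hashes) on data a client controls.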
