Ruby on Rails 3.2.7 Fixes Denial of Service Threat

Ruby on Rails 3.2.7 fixes CVE-2012-3424, a security vulnerability that exposes Web applications using Action Pack's HTTP digest authentication to denial-of-service attacks.

Says H-Online:

The issue affects systems using the Action Pack digest authentication, typified by the use of the “with_http_digest” controller helper methods such as authenticate_or_request_with_http_digest. There are, according to the advisory, no workarounds for the issue which also affects Rails 3.0 and 3.1. The developers recommend that users upgrade immediately.

Details on the fix, along with code samples, were posted to the Ruby on Rails Google group.
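The H-Online summary names the affected API but not how to tell whether a given application is exposed. The following added example, which is not code from the article, from H-Online or from the Rails project, is a stand-alone Ruby triage script that checks the two conditions a practitioner would verify before scheduling the upgrade: whether the application actually calls one of Action Pack's digest helpers, and whether the Rails release resolved in its Gemfile.lock is older than the fixed release on its branch. Only 3.2.7 is named on this page; the fixed versions assumed for the 3.0 and 3.1 branches (3.0.16 and 3.1.7), the helper names other than authenticate_or_request_with_http_digest, and the sample Gemfile.lock and controller are assumptions constructed for the example and should be checked against the advisory.

```ruby
# Added triage example for CVE-2012-3424 (not from the article or the Rails project).
# An app is exposed only if it (a) uses Action Pack digest authentication and
# (b) runs a Rails release older than the patched one on its branch.
require 'rubygems' # Gem::Version; already loaded on modern Rubies, harmless here

# Patched release per minor branch. 3.2.7 is named in the article; 3.0.16 and
# 3.1.7 are ASSUMPTIONS for the example; confirm them against the advisory.
FIXED_VERSIONS = {
  '3.0' => Gem::Version.new('3.0.16'),
  '3.1' => Gem::Version.new('3.1.7'),
  '3.2' => Gem::Version.new('3.2.7'),
}.freeze

# The page names authenticate_or_request_with_http_digest; the other two helper
# names from ActionController::HttpAuthentication::Digest are assumed here.
DIGEST_HELPERS = /\b(authenticate_or_request_with_http_digest|
                     authenticate_with_http_digest|
                     request_http_digest_authentication)\b/x

# Extract the resolved rails version from Gemfile.lock text. Only the
# four-space "specs:" entry ("    rails (3.2.6)") matches; the DEPENDENCIES
# entry ("  rails (= 3.2.6)") and gems such as railties do not.
def rails_version_from_lock(lock_text)
  m = lock_text.match(/^ {4}rails \(([^)]+)\)/)
  m && Gem::Version.new(m[1])
end

# True when a source file calls a digest helper outside a comment.
# Stripping from '#' to end of line is a heuristic: it also trims a '#'
# inside a string literal, which only matters if the call follows it.
def uses_digest_auth?(source)
  source.each_line.any? { |line| line.sub(/#.*$/, '') =~ DIGEST_HELPERS }
end

# Verdict for one app: :not_exposed, :vulnerable, :patched or :unknown_branch
# (a branch with no entry in FIXED_VERSIONS, e.g. 2.3, must be checked by hand).
def assess(rails_version, source_files)
  return :not_exposed unless source_files.any? { |src| uses_digest_auth?(src) }
  branch = rails_version.segments[0, 2].join('.')
  fixed = FIXED_VERSIONS[branch]
  return :unknown_branch unless fixed
  rails_version >= fixed ? :patched : :vulnerable
end

# Constructed sample inputs (not real project files): a lockfile pinned to the
# release just before the fix, and a controller that uses digest auth.
SAMPLE_LOCK = <<-LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rails (3.2.6)
    railties (3.2.6)

DEPENDENCIES
  rails (= 3.2.6)
LOCK

SAMPLE_CONTROLLER = <<-RUBY
class AdminController < ApplicationController
  USERS = { "admin" => "secret" }
  before_filter :authenticate

  private
  def authenticate
    authenticate_or_request_with_http_digest("Admin") { |user| USERS[user] }
  end
end
RUBY

def sample_verdict
  assess(rails_version_from_lock(SAMPLE_LOCK), [SAMPLE_CONTROLLER])
end

puts "sample app on Rails #{rails_version_from_lock(SAMPLE_LOCK)}: #{sample_verdict}"
```

To run it against a real application, replace the two constructed samples with `File.read('Gemfile.lock')` and the contents of `app/controllers/**/*.rb` (and `lib/`, where helpers are often wrapped). A `:not_exposed` verdict only says this CVE does not apply; the release still carries the fix and upgrading remains the advisory's recommendation.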

About Mark Feffer

Mark Feffer is the Managing Editor of Dice. He started as a videotape editor back when there was videotape to edit, then joined the news desk at Dow Jones News/Retrieval, the company's first online product. He produced The Wall Street Journal's first multimedia CD-ROMs and published his novel, "September," in 2006. He lives in Pennsylvania with his wife, their fierce terrier, and a schnauzer who wonders why she ever left California. He's a member of the Project Management Institute.