#VU32464 Path traversal in Action Mailer - CVE-2014-7818

Cybersecurity Help s.r.o.

Published: 2014-11-08 | Updated: 2020-07-28

Vulnerability identifier: #VU32464

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-7818

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Action Mailer
Universal components / Libraries / Programming Languages & Components

Vendor: Rails

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled,. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to determine the existence of files outside the application root via a /.%2F sequence.

Mitigation
The vendor has issued the following versions to address this vulnerability: 3.2.20, 4.0.11, 4.1.7, 4.2.0.

Vulnerable software versions

Action Mailer: 3.2.0 - 4.1.6

External links
https://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ
https://puppet.com/security/cve/cve-2014-7829

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Path traversal in ruby-redmine-actionmailer (Alpine package)

Path traversal in ruby-actionmailer (Alpine package)

Path traversal in Rails Action Mailer for Ruby on Rails