The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rails | Rubyonrails | 3.0.0 (including) | 3.0.0 (including) |
| Rails | Rubyonrails | 3.0.0-beta (including) | 3.0.0-beta (including) |
| Rails | Rubyonrails | 3.0.0-beta2 (including) | 3.0.0-beta2 (including) |
| Rails | Rubyonrails | 3.0.0-beta3 (including) | 3.0.0-beta3 (including) |
| Rails | Rubyonrails | 3.0.0-beta4 (including) | 3.0.0-beta4 (including) |
| Rails | Rubyonrails | 3.0.0-rc (including) | 3.0.0-rc (including) |
| Rails | Rubyonrails | 3.0.0-rc2 (including) | 3.0.0-rc2 (including) |
| Rails | Rubyonrails | 3.0.1 (including) | 3.0.1 (including) |
| Rails | Rubyonrails | 3.0.1-pre (including) | 3.0.1-pre (including) |
| Rails | Rubyonrails | 3.0.2 (including) | 3.0.2 (including) |
| Rails | Rubyonrails | 3.0.2-pre (including) | 3.0.2-pre (including) |
| Rails | Rubyonrails | 3.0.3 (including) | 3.0.3 (including) |
| Rails | Rubyonrails | 3.0.4-rc1 (including) | 3.0.4-rc1 (including) |
| Rails | Rubyonrails | 3.0.5 (including) | 3.0.5 (including) |
| Rails | Rubyonrails | 3.0.5-rc1 (including) | 3.0.5-rc1 (including) |
| Rails | Rubyonrails | 3.0.6 (including) | 3.0.6 (including) |
| Rails | Rubyonrails | 3.0.6-rc1 (including) | 3.0.6-rc1 (including) |
| Rails | Rubyonrails | 3.0.6-rc2 (including) | 3.0.6-rc2 (including) |
| Rails | Rubyonrails | 3.0.7 (including) | 3.0.7 (including) |
| Rails | Rubyonrails | 3.0.7-rc1 (including) | 3.0.7-rc1 (including) |
| Rails | Rubyonrails | 3.0.7-rc2 (including) | 3.0.7-rc2 (including) |
| Rails | Rubyonrails | 3.0.8 (including) | 3.0.8 (including) |
| Rails | Rubyonrails | 3.0.8-rc1 (including) | 3.0.8-rc1 (including) |
| Rails | Rubyonrails | 3.0.8-rc2 (including) | 3.0.8-rc2 (including) |
| Rails | Rubyonrails | 3.0.8-rc3 (including) | 3.0.8-rc3 (including) |
| Rails | Rubyonrails | 3.0.8-rc4 (including) | 3.0.8-rc4 (including) |
| Rails | Rubyonrails | 3.0.9 (including) | 3.0.9 (including) |
| Rails | Rubyonrails | 3.0.9-rc1 (including) | 3.0.9-rc1 (including) |
| Rails | Rubyonrails | 3.0.9-rc2 (including) | 3.0.9-rc2 (including) |
| Rails | Rubyonrails | 3.0.9-rc3 (including) | 3.0.9-rc3 (including) |
| Rails | Rubyonrails | 3.0.9-rc4 (including) | 3.0.9-rc4 (including) |
| Rails | Rubyonrails | 3.0.9-rc5 (including) | 3.0.9-rc5 (including) |
| Rails | Rubyonrails | 3.0.10 (including) | 3.0.10 (including) |
| Rails | Rubyonrails | 3.0.10-rc1 (including) | 3.0.10-rc1 (including) |
| Rails | Rubyonrails | 3.0.11 (including) | 3.0.11 (including) |
| Rails | Rubyonrails | 3.0.12 (including) | 3.0.12 (including) |
| Rails | Rubyonrails | 3.0.12-rc1 (including) | 3.0.12-rc1 (including) |
| Rails | Rubyonrails | 3.0.13 (including) | 3.0.13 (including) |
| Rails | Rubyonrails | 3.0.13-rc1 (including) | 3.0.13-rc1 (including) |
| Rails | Rubyonrails | 3.0.14 (including) | 3.0.14 (including) |
| Ruby_on_rails | Rubyonrails | 3.0.4 (including) | 3.0.4 (including) |
| CloudForms for RHEL 6 | RedHat | converge-ui-devel-0:1.0.4-1.el6cf | * |
| CloudForms for RHEL 6 | RedHat | puppet-0:2.6.17-2.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-actionpack-1:3.0.10-10.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-activerecord-1:3.0.10-6.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-activesupport-1:3.0.10-4.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-chunky_png-0:1.2.0-3.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-compass-0:0.11.5-2.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-compass-960-plugin-0:0.10.4-2.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-delayed_job-0:2.1.4-2.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-ldap_fluff-0:0.1.3-1.el6_3 | * |
| CloudForms for RHEL 6 | RedHat | rubygem-mail-0:2.3.0-3.el6cf | * |
| CloudForms for RHEL 6 | RedHat | rubygem-net-ldap-0:0.1.1-3.el6cf | * |
| Red Hat Subscription Asset Manager 1.1 | RedHat | rubygem-actionpack-1:3.0.10-11.el6cf | * |
| Red Hat Subscription Asset Manager 1.1 | RedHat | rubygem-activerecord-1:3.0.10-8.el6cf | * |
| Red Hat Subscription Asset Manager 1.1 | RedHat | rubygem-activesupport-1:3.0.10-5.el6cf | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | graphviz-0:2.26.0-10.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-console-0:0.0.16-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-broker-0:1.0.11-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-broker-util-0:1.0.15-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | php-0:5.3.3-22.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-ruby-0:1.9.3.327-25.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-actionpack-1:3.2.8-3.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-activemodel-0:3.2.8-2.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-activerecord-1:3.2.8-3.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-railties-0:3.2.8-2.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-actionpack-1:3.0.13-4.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-activemodel-0:3.0.13-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-activerecord-1:3.0.13-5.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-bson-0:1.8.1-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-mongo-0:1.8.1-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-console-0:1.0.10-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-controller-0:1.0.12-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-node-0:1.0.11-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-ruby_parser-0:2.0.4-6.el6op | * |
| Ruby-rails-3.2 | Ubuntu | quantal | * |
| Ruby-rails-3.2 | Ubuntu | raring | * |
| Ruby-rails-3.2 | Ubuntu | saucy | * |
| Ruby-rails-3.2 | Ubuntu | trusty | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
- http://rhn.redhat.com/errata/RHSA-2013-0154.html
- http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/
- https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
- http://rhn.redhat.com/errata/RHSA-2013-0154.html
- http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/
- https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en\u0026dmode=source\u0026output=gplain