HTTP: X-Forwarded-For Cross-Site Script Injection

This signature detects attempts to exploit a known flaw in Ruby on Rails and Zenphoto; other web languages and applications may also be vulnerable. An attacker may send a malformed HTTP 'X-Forwarded-For' header that injects script into a user's web browser. A successful attack could result in arbitrary script execution on the target's host. Alternatively, some proxies do not follow Internet standards and improperly modify this header, which also triggers this Attack Object.

Extended Description

Ruby on Rails is prone to a vulnerability that allows attackers to inject arbitrary content into the 'X-Forwarded-For', 'X-Forwarded-Host' and 'X-Forwarded-Server' HTTP headers because the 'WEBrick::HTTPRequest' module fails to sufficiently sanitize input. By inserting arbitrary data into an affected header field, attackers may be able to launch cross-site request forgery, cross-site scripting, HTML injection, and other attacks. NOTE: This issue only affects requests sent from clients on the same subnet as the server. Ruby on Rails 3.0.5 is vulnerable; other versions may also be affected.
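As an added example (not part of this signature entry, and not Rails or WEBrick code), the following Python shows the two checks a defender wants around this header: a classifier that separates genuine markup injection in 'X-Forwarded-For' from the nonstandard but harmless values some proxies write (the false-positive case the description notes), and a consumer that derives a client address from the proxy chain without ever passing raw header text through. The sample header values and the trusted-proxy address are constructed for the demonstration.

```python
import ipaddress
import re
from typing import Iterable, Optional

# Characters a legitimate address list never contains but that are needed to
# break out of an HTML context when the header is reflected into a page.
MARKUP_RE = re.compile(r"[<>\"'&]")

def classify_xff(value: str) -> str:
    """Classify one X-Forwarded-For header value.

    'ok'         every comma-separated entry is a syntactically valid IP address
    'injection'  the value carries HTML/script markup characters
    'malformed'  no markup, but an entry is not a plain IP address (for example
                 a proxy writing 'unknown' or Forwarded-style 'for=' pairs); this
                 is the nonstandard-proxy case the description says can also
                 trigger the signature, so it gets its own verdict
    """
    if MARKUP_RE.search(value):
        return "injection"
    for entry in value.split(","):
        try:
            ipaddress.ip_address(entry.strip())
        except ValueError:
            return "malformed"
    return "ok"

def trusted_client_ip(value: str, trusted_proxies: Iterable[str]) -> Optional[str]:
    """Mitigation side: derive the client address without trusting raw header
    text. Walk the chain from the right, skip the proxies we operate, and return
    the first remaining entry only if it parses as an IP address; otherwise
    return None so no unvalidated header text reaches a page or a log line."""
    trusted = set(trusted_proxies)
    for entry in reversed(value.split(",")):
        try:
            ip = str(ipaddress.ip_address(entry.strip()))
        except ValueError:
            return None
        if ip not in trusted:
            return ip
    return None

# Constructed sample header values (not taken from the signature page).
SAMPLES = [
    "203.0.113.7, 198.51.100.2",                # normal proxy chain
    "203.0.113.7, <script>alert(1)</script>",   # markup appended by a client
    "unknown, 203.0.113.7",                     # non-compliant proxy
]

if __name__ == "__main__":
    for sample in SAMPLES:
        client = trusted_client_ip(sample, {"198.51.100.2"})
        print(f"{classify_xff(sample):10} client={client!r}  {sample}")
```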

Affected Products

Ruby_on_rails ruby_on_rails

Short Name: HTTP:XSS:X-FORWARDED-FOR-INJ
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2020-2231 CVE-2023-1658 Cross-Site Injection Script X-Forwarded-For bid:46423 bid:47544
Release Date: 03/28/2011
Supported Platforms: srx-branch-12.3, srx-branch-19.3, vsrx3bsd-19.2, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, srx-19.4, vsrx-12.3, srx-12.3, vsrx-19.2, srx-19.3, vmx-19.4, mx-12.3, mx-19.4, mx-19.3, vmx-19.3
Sigpack Version: 3590
False Positive: Unknown
Vendors: Ruby_on_rails