FreeBSD : rubygem-paperclip -- validation bypass vulnerability (0f154810-16e4-11e5-a1cf-002590263bf5)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jon Yurek reports :

Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this.

There is an issue where if an HTML file is uploaded with a .html
extension, but the content type is listed as being `image/jpeg`, this
will bypass a validation checking for images. But it will also pass
the spoof check, because a file named .html and containing actual HTML
passes the spoof check.

This change makes it so that we also check the supplied content type.
So even if the file contains HTML and ends with .html, it doesn't
match the content type of `image/jpeg` and so it fails.
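
Added example, not part of the quoted report and not Paperclip's own code: a simplified Ruby model of the two checks described above, with the spoof check before and after the fix. The type tables, the byte sniffing and all method names are assumptions made for this illustration.

```ruby
# Simplified model of the checks described in the advisory; not Paperclip's code.
# Tables, sniffing rules and method names are assumptions for this example.
EXTENSION_TYPES = {
  ".html" => "text/html",
  ".jpg"  => "image/jpeg",
  ".jpeg" => "image/jpeg",
  ".png"  => "image/png"
}.freeze
ALLOWED_TYPES = ["image/jpeg", "image/png"].freeze

# Guess a media type from the leading bytes of the upload.
def sniff_type(bytes)
  data = bytes.b
  return "image/jpeg" if data.start_with?("\xFF\xD8\xFF".b)
  return "image/png"  if data.start_with?("\x89PNG\r\n\x1A\n".b)
  return "text/html"  if data.lstrip.downcase.start_with?("<!doctype html", "<html")
  "application/octet-stream"
end

# Content-type validation: only the client-supplied type is consulted.
def allowed_type?(supplied_type)
  ALLOWED_TYPES.include?(supplied_type)
end

# Spoof check before the fix: extension and content must agree.
def spoof_check_before(filename, _supplied_type, bytes)
  EXTENSION_TYPES[File.extname(filename).downcase] == sniff_type(bytes)
end

# Spoof check after the fix: the supplied type must agree with the content too.
def spoof_check_after(filename, supplied_type, bytes)
  spoof_check_before(filename, supplied_type, bytes) &&
    supplied_type == sniff_type(bytes)
end

# An upload is accepted only if both the validation and the spoof check pass.
def accepted?(check, filename, supplied_type, bytes)
  allowed_type?(supplied_type) && send(check, filename, supplied_type, bytes)
end

# Constructed sample uploads.
HTML_BODY = "<html><body>hello</body></html>"
JPEG_BODY = "\xFF\xD8\xFF\xE0".b + "constructed".b

puts "before fix: #{accepted?(:spoof_check_before, 'page.html', 'image/jpeg', HTML_BODY)}"
puts "after fix:  #{accepted?(:spoof_check_after, 'page.html', 'image/jpeg', HTML_BODY)}"
```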

See also :

http://www.nessus.org/u?aaf2d29b
https://robots.thoughtbot.com/paperclip-security-release
http://jvn.jp/en/jp/JVN83881261/index.html
http://www.nessus.org/u?81b46b97

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 84322

Bugtraq ID:

CVE ID: CVE-2015-2963
