The remote host is vulnerable to multiple attack vectors.
The remote server is running the Ruby on Rails web application. This version of Rails is reported to be vulnerable to a flaw in the way that it handles user-supplied input to the 'redirect_to()' function in the 'ActionController::Base' class. An attacker exploiting this flaw would be able to inject arbitrary HTTP headers that could lead to cross-site request forgery (CSRF), cross-site scripting (XSS) and other attacks.
Upgrade to version 2.0.5 or higher.