Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Ruby On Rails error on PCI test

Discussion in 'General Discussion' started by afonic, Jul 2, 2009.

  1. afonic

    afonic Registered

    Feb 22, 2006
    Likes Received:
    Trophy Points:
    I am running the HackerGuardian PCI Compliance test and I am getting the following security warning:

    Security warning found on port/service "nbx-ser (2095/tcp)"  	
    	Plugin 	 "Ruby on Rails Session Fixation Vulnerability" 	
    	Category 	 "Web Servers " 	
    	Priority 	 "Medium Priority "Synopsis :  The remote web server is affected by a session fixation vulnerability.   Description :  The web server on the remote host appears to be a version of Ruby on Rails that supports URL-based sessions.  An unauthenticated remote attacker may be able to leverage this issue to obtain an authenticated session.   Note that Ruby on Rails version 1.2.4 was initially supposed to address this issue, but its session fixation logic only works for the first request, when CgiRequest is first instantiated. 	
    	See also: 	
    	   Solution :  Upgrade to Ruby on Rails version 1.2.6 or later and make sure 'config.action_controller.session_options[:cookie_only]' is set to 'true' in the 'config/environment.rb' file. 	
    	   Risk factor :  Medium / CVSS Base Score : 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) 	
    	   CVE: 	CVE-2007-5380 	
    	BID : 26096, 26598 Other references : OSVDB:39193, OSVDB:40718 	
    	      If you think this vulnerability is a false positive, already patched or if  compensating controls exist within your infrastructure please 	
    	click here.
    However I cannot locate that file or find any information about how I could solve this issue. As a matter of fact I cannot find instructions for removing Ruby from cPanel all together.

    Any ideas?

    PS. I am using CentOS 5.3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice