CVE-2016-0752
REJECTED
KEV
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
Risk Scores
EPSS Score: 90.49% (99.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | rails | *, *, 0 |
Exploit Intelligence
- forced-request/rails-rce-cve-2016-0752 (github-poc-repo)
- dachidahu/CVE-2016-0752 (github-poc-repo)
…and 107 more exploits
Timeline
- CVE Published
- Mar 1, 2016 PoC Published
- Mar 1, 2016 PoC Published
- Oct 15, 2016 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 25, 2022 CISA KEV Added
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-0752 third-party-advisory
- https://marc.info/?l=oss-security&m=145375068928706&w=2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-0752 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory