Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ruby On Rails Exploit Used To Build IRC Botnet

Posted by Unknown on from the bad-script-kiddie dept.

Trailrunner7 writes "Developers who have not updated their Ruby on Rails installations with a five-month-old security patch would do well to secure the Web development framework now. Exploit code has surfaced for CVE-2013-0156 that is being used to build a botnet of compromised servers. Exploit code has been publicly available since the vulnerability was disclosed in January on Github and Metasploit, yet the vulnerability had not been exploited on a large scale until now, said security researcher Jeff Jarmoc." One reason your web server firewall might want to block IRC connections to arbitrary hosts.

1 of 91 comments (clear)

  1. Fix is here... by mystikkman · · Score: 5, Funny

    Fix is here.

    http://www.asp.net/