Ruby on Rails JSON Processor YAML Deserialization Code Execution
03 February 2013
Remote exploitation of an input validation vulnerability in Ruby on Rails versions prior to 3.0.20 and 2.3.16 allows code execution. Affected versions hand specially crafted JSON request bodies to the YAML parser without validating them first. This vulnerability is very similar to CVE-2013-0156.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
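As an added example that is not part of this advisory or of Rails itself, a Ruby request-body gate that refuses YAML-only syntax in a JSON body and parses with the strict JSON gem rather than a YAML-backed parser; the module, method and sample values are hypothetical.

```ruby
require 'json'

# Added example (not from the advisory or from Rails): gate a JSON request
# body before it reaches any parser. Two defences are combined:
#   (a) detection: flag YAML constructs that never occur in valid JSON, so
#       the rejection can be logged and alerted on;
#   (b) mitigation: parse with the strict JSON gem only, never with YAML.
module JsonBodyGate
  # YAML syntax that has no meaning in JSON but is significant to YAML.
  YAML_MARKERS = {
    document_start: /\A\s*---/,                 # YAML document header
    ruby_tag:       /!ruby\//,                  # Ruby-specific type tags
    explicit_tag:   /(?:\A|[\s,\[{])!!?[A-Za-z]/ # any explicit YAML tag
  }.freeze

  class RejectedBody < StandardError; end

  # Names of the markers present in the body (empty array if clean).
  def self.yaml_markers_in(body)
    YAML_MARKERS.select { |_, re| body.match?(re) }.keys
  end

  # Strict-JSON parse; raises RejectedBody with a loggable reason.
  def self.parse(body)
    hits = yaml_markers_in(body)
    raise RejectedBody, "yaml markers: #{hits.join(',')}" unless hits.empty?
    begin
      JSON.parse(body)
    rescue JSON::ParserError => e
      raise RejectedBody, "invalid json: #{e.message}"
    end
  end
end
```

Upgrading to the fixed versions named above is the real fix; switching ActiveSupport's JSON backend to the JSON gem was the documented interim workaround, and the marker check only adds a detection signal on top of that.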