Ruby on Rails vulnerability leads to full control of remote server

A very serious vulnerability was found and patch made available immediately for the increasingly popular Ruby on Rails application. It’s estimated that there are some 250k+ websites that are affected. It contains a weakness that allows an attacker to bypass authentication systems, inject and execute arbitrary code and perform denial of service (DOS) attacks on any Ruby application. One attack vector enables execution of code at the server level; which means that the threat goes beyond your application and has the potential to penetrate further into your infrastructure and/or impact any neighboring applications that may not be built on Ruby on Rails.

Takeaway: Besides adopting secure programming practices, the underlying application layer always needs to be updated frequently and immediately when such vulnerabilities are out. A web application firewall deployment would greatly enhance security and make the hackers look elsewhere.