Описание
Session fixation vulnerability in Rails
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5380
- https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26096
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
Пакеты
Наименование
rails
rubygems
Затронутые версииВерсия исправления
< 1.2.4
1.2.4
Связанные уязвимости
ubuntu
больше 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
nvd
больше 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
debian
больше 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...