Описание
Session fixation vulnerability in Rails
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5380
- https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
- http://bugs.gentoo.org/show_bug.cgi?id=195315
- http://docs.info.apple.com/article.html?artnum=307179
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
- http://secunia.com/advisories/27657
- http://secunia.com/advisories/27965
- http://secunia.com/advisories/28136
- http://security.gentoo.org/glsa/glsa-200711-17.xml
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
- http://www.novell.com/linux/security/advisories/2007_25_sr.html
- http://www.securityfocus.com/bid/26096
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html
- http://www.vupen.com/english/advisories/2007/3508
- http://www.vupen.com/english/advisories/2007/4238
Пакеты
Наименование
rails
rubygems
Затронутые версииВерсия исправления
< 1.2.4
1.2.4
Связанные уязвимости
ubuntu
почти 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
nvd
почти 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
debian
почти 18 лет назад
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...