CVE-2007-6077

Опубликовано: 21 нояб. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.0415

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

CVE-2007-6077

ubuntu

около 18 лет назад

CVE-2007-6077

debian

около 18 лет назад

The session fixation protection mechanism in cgi_process.rb in Rails 1 ...

GHSA-p4c6-77gc-694x

github

около 8 лет назад

session fixation protection mechanism in cgi_process.rb in Rails

EPSS

Процентиль: 88%

0.0415

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-362