6.8
CVSSv2

CVE-2007-5380

Published: 19/10/2007 Updated: 08/03/2011
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."

Vulnerable Product

david hansson ruby on rails

Vendor Advisories

Debian Bug report logs - #452748 rails: CVE-2007-6077 unauthorized disclosure of information Package: rails; Maintainer for rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for rails is src:rails (PTS, buildd, popcon) Reported by: Nico Golde <nion@debian.org> Date: ...