Published: 29/08/2011 Updated: 08/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x prior to 2.3.13 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
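The class of bug summarized above, as an added Ruby example that is not code from Rails or from this advisory: a header serializer that interpolates values as-is, beside one that rejects CR, LF and NUL. All names (serialize_headers_unsafe, serialize_headers, UnsafeHeaderError, TAINTED) are hypothetical and the sample value is constructed.

```ruby
# Added illustration; every name here is hypothetical, none is a Rails API.

# Raised when a header name or value could break out of its header line.
class UnsafeHeaderError < ArgumentError; end

# Conservative subset of the characters allowed in a header field name.
HEADER_NAME = /\A[A-Za-z0-9_.-]+\z/
# CR, LF and NUL must never appear in a field value.
FORBIDDEN_IN_VALUE = /[\r\n\0]/

# Naive serializer: interpolates values as-is, so a CR/LF inside a value
# ends the current header line and starts another one.
def serialize_headers_unsafe(headers)
  headers.map { |name, value| "#{name}: #{value}\r\n" }.join + "\r\n"
end

# Hardened serializer: refuses any name or value containing line
# terminators instead of trying to repair it.
def serialize_headers(headers)
  headers.map do |name, value|
    name = name.to_s
    value = value.to_s
    raise UnsafeHeaderError, "bad header name: #{name.inspect}" unless name.match?(HEADER_NAME)
    raise UnsafeHeaderError, "CR/LF/NUL in #{name} value" if value.match?(FORBIDDEN_IN_VALUE)
    "#{name}: #{value}\r\n"
  end.join + "\r\n"
end

# Counts the header lines in a serialized head (everything before the
# blank line that terminates the header section).
def header_line_count(raw)
  raw.split("\r\n\r\n", 2).first.split("\r\n").length
end

# Constructed sample: a content type value derived from request data.
TAINTED = "text/html\r\nX-Injected: 1"
```

Rejecting the value outright is preferable to stripping the characters, because a failed request is visible in logs while a silently rewritten header is not.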

Affected Products

Vendor | Product | Versions
Rubyonrails | Rails | 2.3.2, 2.3.3, 2.3.4, 2.3.9, 2.3.10, 2.3.11, 2.3.12

Vendor Advisories

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4214: A cross-site scripting (XSS) vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain b ...