Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.

CVE-2007-6077 (Ruby on Rails)

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes :cookie_only to only be applied to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
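The defect class described above, reduced to a toy and added here as an illustration (this is not Rails code and not the actual cgi_process.rb logic): a session-handling "protection" that pops :cookie_only out of the shared DEFAULT_SESSION_OPTIONS hash in place, so only the first request object ever sees the flag and every later one is built from a hash that no longer carries it. The class names, the other hash keys, and the helper names below are assumptions for the demo; the corrected variant copies before mutating and freezes the constant so a future in-place mutation fails loudly instead of silently weakening every subsequent request.

```ruby
# Added example, not Rails code: the shared-constant mutation bug behind
# CVE-2007-6077, side by side with a non-destructive version.

# Buggy pattern: DEFAULT_SESSION_OPTIONS is aliased, not copied, and the
# session-fixation "protection" deletes :cookie_only from that shared hash.
class LeakyRequest
  DEFAULT_SESSION_OPTIONS = { session_key: "_app_session", cookie_only: true }

  attr_reader :session_options

  def initialize(overrides = {})
    options = DEFAULT_SESSION_OPTIONS                      # same object as the constant
    @cookie_only = options.delete(:cookie_only) { false }  # destructive: mutates the constant
    @session_options = options.merge(overrides)
  end

  def cookie_only?
    @cookie_only
  end
end

# Corrected pattern: merge produces a fresh hash per request, so deleting the
# flag only touches that request's copy; freezing the constant turns any
# accidental in-place mutation into an exception.
class SafeRequest
  DEFAULT_SESSION_OPTIONS = { session_key: "_app_session", cookie_only: true }.freeze

  attr_reader :session_options

  def initialize(overrides = {})
    options = DEFAULT_SESSION_OPTIONS.merge(overrides)     # new hash each time
    @cookie_only = options.delete(:cookie_only) { false }
    @session_options = options
  end

  def cookie_only?
    @cookie_only
  end
end

# Instantiate several requests in sequence and record whether each one still
# has cookie-only session handling. The leaky class degrades after the first.
def cookie_only_flags(klass, count = 3)
  Array.new(count) { klass.new.cookie_only? }
end

# Regression check a maintainer can keep in a test suite: does the defaults
# hash reject in-place mutation? (FrozenError is raised before any change.)
def defaults_immutable?(klass)
  klass::DEFAULT_SESSION_OPTIONS.delete(:cookie_only)
  false
rescue FrozenError
  true
end
```

Calling cookie_only_flags(LeakyRequest) once returns [true, false, false]; calling it a second time returns all false, because the constant was already stripped by the first request object, which is exactly the "only applied to the first instantiation" behaviour the advisory describes. cookie_only_flags(SafeRequest) returns true for every request, and defaults_immutable?(SafeRequest) returns true while the leaky class returns false.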




Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6077

Tags: cve-2007-6077 ruby rails
