MEDIUM
GHSA-jwhv-rgqc-fqj5
Session fixation vulnerability in Rails
Details
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-5380 [ADVISORY]
- https://github.com/advisories/GHSA-jwhv-rgqc-fqj5 [ADVISORY]
- https://github.com/rails/rails [PACKAGE]
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml [WEB]
- http://bugs.gentoo.org/show_bug.cgi?id=195315 [WEB]
- http://docs.info.apple.com/article.html?artnum=307179 [WEB]
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html [WEB]
- http://secunia.com/advisories/27657 [WEB]
- http://secunia.com/advisories/27965 [WEB]
- http://secunia.com/advisories/28136 [WEB]
- http://security.gentoo.org/glsa/glsa-200711-17.xml [WEB]
- http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release [WEB]
- http://www.novell.com/linux/security/advisories/2007_25_sr.html [WEB]
- http://www.securityfocus.com/bid/26096 [WEB]
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html [WEB]
- http://www.vupen.com/english/advisories/2007/3508 [WEB]
- http://www.vupen.com/english/advisories/2007/4238 [WEB]