RubySec

Providing security resources for the Ruby community

CVE-2007-5380 (rails): Moderate severity vulnerability that affects rails

GEM

rails

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

  • >= 1.2.4

DESCRIPTION

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
