CVE-2007-5380 (rails): Moderate severity vulnerability that affects rails

Moderate severity vulnerability that affects rails

Published: October 24, 2017

SEVERITY

CVSS v2.0: 6.8 (Medium)

PATCHED VERSIONS

>= 1.2.4

DESCRIPTION

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

https://nvd.nist.gov/vuln/detail/CVE-2007-5380
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
http://bugs.gentoo.org/show_bug.cgi?id=195315
http://security.gentoo.org/glsa/glsa-200711-17.xml

RubySec

CVE-2007-5380 (rails): Moderate severity vulnerability that affects rails

Moderate severity vulnerability that affects rails

SECURITY IDENTIFIERS

GEM

FRAMEWORK

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories