Lucene search

[email protected]CVE-2007-5380

HistoryOct 19, 2007 - 11:17 p.m.

CVE-2007-5380

2007-10-1923:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

rails

session fixation

vulnerability

ruby on rails

cve-2007-5380

6.3 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to “URL-based sessions.”

CPENameOperatorVersion
david_hansson:ruby_on_railsdavid hansson ruby on railsle1.2.3

CPE	Name	Operator	Version
david_hansson:ruby_on_rails	david hansson ruby on rails	le	1.2.3

References

bugs.gentoo.org/show_bug.cgi?id=195315

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

secunia.com/advisories/27657

secunia.com/advisories/27965

secunia.com/advisories/28136

security.gentoo.org/glsa/glsa-200711-17.xml

weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

www.novell.com/linux/security/advisories/2007_25_sr.html

www.securityfocus.com/bid/26096

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3508

www.vupen.com/english/advisories/2007/4238

6.3 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2007-5380

osv2 github2 prion2 debiancve2 ubuntucve2 nessus6 rubygems1 securityvulns2 openvas8 cve1 freebsd1 gentoo2