Ruby on Rails cgi_process.rb Cookie Related Session Fixation
2007-10-12T00:00:00
ID: OSVDB:39193
Type: osvdb
Reporter: OSVDB
Modified: 2007-10-12T00:00:00
Description
Vulnerability Description
Ruby on Rails contains a flaw that may allow a malicious user to hijack another user's session via session fixation.
Solution Description
Upgrade to Rails 1.2.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Vendor Specific Solution URL: http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200711-17.xml
Vendor Specific News/Changelog Entry: http://dev.rubyonrails.org/changeset/8177
Vendor Specific News/Changelog Entry: http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=195315
Vendor Specific News/Changelog Entry: http://dev.rubyonrails.org/ticket/10048
Secunia Advisory ID: 27781
Secunia Advisory ID: 27657
Other Advisory URL: http://dev.rubyonrails.org/ticket/10048
FrSIRT Advisory: ADV-2007-4009
FrSIRT Advisory: ADV-2007-3508
CVE-2007-6077
Bugtraq ID: 26598
:\n\nThe rails core team has released ruby on rails 1.2.6 to address a bug\nin the fix for session fixation attacks (CVE-2007-5380). The CVE\nIdentifier for this new issue is CVE-2007-6077.\"\n );\n # https://vuxml.freebsd.org/freebsd/30acb8ae-9d46-11dc-9114-001c2514716c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59e1f270\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rails<1.2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T06:00:51", "description": "The web server on the remote host appears to be a version of Ruby on\nRails that supports URL-based sessions. An unauthenticated, remote\nattacker may be able to leverage this issue to obtain an authenticated\nsession. 
\n\nNote that Ruby on Rails version 1.2.4 was initially supposed to\naddress this issue, but its session fixation logic only works for the\nfirst request, when CgiRequest is first instantiated.", "edition": 25, "published": "2007-11-28T00:00:00", "title": "Ruby on Rails Multiple Method Session Fixation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6077", "CVE-2007-5380"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:rubyonrails:ruby_on_rails"], "id": "ROR_SESSION_FIXATION.NASL", "href": "https://www.tenable.com/plugins/nessus/28333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28333);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2007-5380\", \"CVE-2007-6077\");\n script_bugtraq_id(26096, 26598);\n\n script_name(english:\"Ruby on Rails Multiple Method Session Fixation\");\n script_summary(english:\"Tries to pass a session cookie via URL\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server is affected by a session fixation vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The web server on the remote host appears to be a version of Ruby on\nRails that supports URL-based sessions. An unauthenticated, remote\nattacker may be able to leverage this issue to obtain an authenticated\nsession. 
\n\nNote that Ruby on Rails version 1.2.4 was initially supposed to\naddress this issue, but its session fixation logic only works for the\nfirst request, when CgiRequest is first instantiated.\" );\n # http://web.archive.org/web/20100618053211/http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4902c46\" );\n # https://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release//\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79d2646\" );\n # http://web.archive.org/web/20100706163252/http://dev.rubyonrails.org/ticket/10048\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abd8800d\" );\n # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/I5sDT0-AiDQ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0bcaddc8\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Ruby on Rails version 1.2.6 or later and make sure\n'config.action_controller.session_options[:cookie_only]' is set to\n'true' in the 'config/environment.rb' file.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/11/28\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:rubyonrails:ruby_on_rails\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 
Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"no404.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif (get_kb_item(\"www/no404/\" + port))\n exit(0, \"The web server on port \"+port+\" does not return 404 codes.\");\n\n# Request a nonexistent page.\nforeach dir (cgi_dirs())\n{\n clear_cookiejar();\n url = string(dir, \"/\", unixtime(), \"-\", SCRIPT_NAME);\n\n r = http_send_recv3(method: 'GET', item:url, port:port, exit_on_fail: 1);\n\n # Look for a session cookie.\n cookies = get_http_cookies_names();\n if (! isnull(cookies))\n {\n # Copy the cookie jar, we are going to clear it \n cookie_val = NULL;\n foreach cookie_name (cookies)\n cookie_val[cookie_name] = get_http_cookie(name: cookie_name, path: url);\n \n foreach cookie_name (cookies)\n {\n # If either...\n if (\n # we're paranoid and the cookie name is not PHP's default or...\n (\n report_paranoia > 1 && \n \"PHPSESSID\" >!< cookie_name && \n \"ASPSESSIONID\" >!< cookie_name\n ) ||\n # it looks like one commonly used by RoR\n cookie_name =~ \"_(sess|session)_id$\"\n )\n {\n\t clear_cookiejar();\n\t val = cookie_val[cookie_name];\n\t if (isnull(val))\n\t {\n\t debug_print('Cookie ', cookie_name, ' is not set.\\n');\n\t continue;\n\t }\n # Try to pass the cookie in as a parameter.\n r = http_send_recv3(method: \"GET\", \n item:string(url, \"?\", cookie_name, \"=\", val), \n port:port, exit_on_fail: 1\n );\n\n # There's a problem if we get the same cookie back.\n\t val2 = get_http_cookie(name: cookie_name, path: url);\n if (val == val2)\n {\n security_warning(port);\n exit(0);\n }\n }\n }\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:35", "description": "The remote host is affected by the vulnerability 
described in GLSA-200912-02\n(Ruby on Rails: Multiple vulnerabilities)\n\n The following vulnerabilities were discovered:\n sameer\n reported that lib/action_controller/cgi_process.rb removes the\n :cookie_only attribute from the default session options\n (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA\n 200711-17).\n Tobias Schlottke reported that the :limit and\n :offset parameters of ActiveRecord::Base.find() are not properly\n sanitized before being processed (CVE-2008-4094).\n Steve from\n Coderrr reported that the CRSF protection in protect_from_forgery()\n does not parse the text/plain MIME format (CVE-2008-7248).\n Nate reported a documentation error that leads to the assumption\n that a block returning nil passed to\n authenticate_or_request_with_http_digest() would deny access to the\n requested resource (CVE-2009-2422).\n Brian Mastenbrook reported\n an input sanitation flaw, related to multibyte characters\n (CVE-2009-3009).\n Gabe da Silveira reported an input sanitation\n flaw in the strip_tags() function (CVE-2009-4214).\n Coda Hale\n reported an information disclosure vulnerability related to HMAC\n digests (CVE-2009-3086).\n \nImpact :\n\n A remote attacker could send specially crafted requests to a vulnerable\n application, possibly leading to the execution of arbitrary SQL\n statements or a circumvention of access control. 
A remote attacker\n could also conduct session fixation attacks to hijack a user's session\n or bypass the CSRF protection mechanism, or furthermore conduct\n Cross-Site Scripting attacks or forge a digest via multiple attempts.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 29, "published": "2009-12-22T00:00:00", "title": "GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6077", "CVE-2009-4214", "CVE-2009-3086", "CVE-2009-3009", "CVE-2009-2422", "CVE-2008-4094", "CVE-2008-7248", "CVE-2007-5380"], "modified": "2009-12-22T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rails", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200912-02.NASL", "href": "https://www.tenable.com/plugins/nessus/43378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200912-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5380\", \"CVE-2007-6077\", \"CVE-2008-4094\", \"CVE-2008-7248\", \"CVE-2009-2422\", \"CVE-2009-3009\", \"CVE-2009-3086\", \"CVE-2009-4214\");\n script_bugtraq_id(31176, 36278, 37142);\n script_xref(name:\"GLSA\", value:\"200912-02\");\n\n script_name(english:\"GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200912-02\n(Ruby on Rails: Multiple vulnerabilities)\n\n The following vulnerabilities were discovered:\n sameer\n reported that lib/action_controller/cgi_process.rb removes the\n :cookie_only attribute from the default session options\n (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA\n 200711-17).\n Tobias Schlottke reported that the :limit and\n :offset parameters of ActiveRecord::Base.find() are not properly\n sanitized before being processed (CVE-2008-4094).\n Steve from\n Coderrr reported that the CRSF protection in protect_from_forgery()\n does not parse the text/plain MIME format (CVE-2008-7248).\n Nate reported a documentation error that leads to the assumption\n that a block returning nil passed to\n authenticate_or_request_with_http_digest() would deny access to the\n requested resource (CVE-2009-2422).\n Brian Mastenbrook reported\n an input sanitation flaw, related to multibyte characters\n (CVE-2009-3009).\n Gabe da Silveira reported an input sanitation\n flaw in the 
strip_tags() function (CVE-2009-4214).\n Coda Hale\n reported an information disclosure vulnerability related to HMAC\n digests (CVE-2009-3086).\n \nImpact :\n\n A remote attacker could send specially crafted requests to a vulnerable\n application, possibly leading to the execution of arbitrary SQL\n statements or a circumvention of access control. A remote attacker\n could also conduct session fixation attacks to hijack a user's session\n or bypass the CSRF protection mechanism, or furthermore conduct\n Cross-Site Scripting attacks or forge a digest via multiple attempts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-17\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200912-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby on Rails 2.3.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.5'\n All Ruby on Rails 2.2.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=dev-ruby/rails-2.2.3-r1'\n NOTE: All applications using Ruby on Rails should also be configured to\n use the latest version available by running 'rake rails:update' inside\n the application directory.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 89, 200, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-ruby/rails\", unaffected:make_list(\"ge 2.3.5\", \"rge 2.2.3-r1\"), vulnerable:make_list(\"lt 2.2.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby on Rails\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:41:01", "description": "The remote host is running a version of Mac OS X 10.5 or 10.4 that does\nnot have Security Update 2007-009 applied. 
\n\nThis update contains several security fixes for a large number of\nprograms.", "edition": 25, "published": "2007-12-18T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2007-009)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-5855", "CVE-2007-6165", "CVE-2007-1662", "CVE-2007-4768", "CVE-2007-4351", "CVE-2007-5857", "CVE-2007-1661", "CVE-2007-6077", "CVE-2007-4709", "CVE-2007-5848", "CVE-2007-4572", "CVE-2007-5379", "CVE-2007-4710", "CVE-2007-1659", "CVE-2006-0024", "CVE-2007-5856", "CVE-2007-4965", "CVE-2007-5770", "CVE-2007-4708", "CVE-2007-5861", "CVE-2007-1660", "CVE-2007-5476", "CVE-2007-5858", "CVE-2007-5850", "CVE-2007-5116", "CVE-2007-5860", "CVE-2007-3798", "CVE-2007-4131", "CVE-2007-4767", "CVE-2007-5859", "CVE-2007-5851", "CVE-2007-3876", "CVE-2007-5398", "CVE-2007-5854", "CVE-2007-5863", "CVE-2007-4766", "CVE-2007-1218", "CVE-2007-5847", "CVE-2007-5849", "CVE-2007-5853", "CVE-2007-5380"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2007-009.NASL", "href": "https://www.tenable.com/plugins/nessus/29723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29723);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2006-0024\", \"CVE-2007-1218\", \"CVE-2007-1659\", \"CVE-2007-1660\", \"CVE-2007-1661\",\n \"CVE-2007-1662\", \"CVE-2007-3798\", \"CVE-2007-3876\", \"CVE-2007-4131\", \"CVE-2007-4351\",\n \"CVE-2007-4572\", \"CVE-2007-4708\", \"CVE-2007-4709\", \"CVE-2007-4710\", \"CVE-2007-4766\",\n \"CVE-2007-4767\", \"CVE-2007-4768\", \"CVE-2007-4965\", \"CVE-2007-5116\", \"CVE-2007-5379\",\n \"CVE-2007-5380\", \"CVE-2007-5398\", \"CVE-2007-5476\", \"CVE-2007-5770\", \"CVE-2007-5847\",\n \"CVE-2007-5848\", \"CVE-2007-5849\", \"CVE-2007-5850\", \"CVE-2007-5851\", \"CVE-2007-5853\",\n \"CVE-2007-5854\", \"CVE-2007-5855\", \"CVE-2007-5856\", 
\"CVE-2007-5857\", \"CVE-2007-5858\",\n \"CVE-2007-5859\", \"CVE-2007-5860\", \"CVE-2007-5861\", \"CVE-2007-5863\", \"CVE-2007-6077\",\n \"CVE-2007-6165\");\n script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346,\n 26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)\");\n script_summary(english:\"Check for the presence of Security Update 2007-009\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.5 or 10.4 that does\nnot have Security Update 2007-009 applied. \n\nThis update contains several security fixes for a large number of\nprograms.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=307179\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/advisories/13649\");\n script_set_attribute(attribute:\"solution\", value:\"Install Security Update 2007-009.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mail.app Image Attachment Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/15\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( ! uname ) exit(0);\nif ( egrep(pattern:\"Darwin.* (8\\.[0-9]\\.|8\\.1[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages\");\n if ( ! packages ) exit(0);\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)\", string:packages))\n security_hole(0);\n}\nelse if ( egrep(pattern:\"Darwin.* (9\\.[01]\\.)\", string:uname) )\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if ( ! packages ) exit(0);\n if ( !egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.2007\\.009\\.bom\", string:packages) )\n\tsecurity_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6077", "CVE-2009-4214", "CVE-2009-3086", "CVE-2009-3009", "CVE-2009-2422", "CVE-2008-4094", "CVE-2008-7248", "CVE-2007-5380"], "edition": 1, "description": "### Background\n\nRuby on Rails is a web-application and persistence framework. 
\n\n### Description\n\nThe following vulnerabilities were discovered: \n\n * sameer reported that lib/action_controller/cgi_process.rb removes the :cookie_only attribute from the default session options (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA 200711-17).\n * Tobias Schlottke reported that the :limit and :offset parameters of ActiveRecord::Base.find() are not properly sanitized before being processed (CVE-2008-4094).\n * Steve from Coderrr reported that the CRSF protection in protect_from_forgery() does not parse the text/plain MIME format (CVE-2008-7248).\n * Nate reported a documentation error that leads to the assumption that a block returning nil passed to authenticate_or_request_with_http_digest() would deny access to the requested resource (CVE-2009-2422).\n * Brian Mastenbrook reported an input sanitation flaw, related to multibyte characters (CVE-2009-3009).\n * Gabe da Silveira reported an input sanitation flaw in the strip_tags() function (CVE-2009-4214).\n * Coda Hale reported an information disclosure vulnerability related to HMAC digests (CVE-2009-3086).\n\n### Impact\n\nA remote attacker could send specially crafted requests to a vulnerable application, possibly leading to the execution of arbitrary SQL statements or a circumvention of access control. A remote attacker could also conduct session fixation attacks to hijack a user's session or bypass the CSRF protection mechanism, or furthermore conduct Cross-Site Scripting attacks or forge a digest via multiple attempts. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Ruby on Rails 2.3.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-ruby/rails-2.3.5\"\n\nAll Ruby on Rails 2.2.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=dev-ruby/rails-2.2.3-r1\"\n\nNOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running \"rake rails:update\" inside the application directory.", "modified": "2009-12-20T00:00:00", "published": "2009-12-20T00:00:00", "id": "GLSA-200912-02", "href": "https://security.gentoo.org/glsa/200912-02", "type": "gentoo", "title": "Ruby on Rails: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}