Lucene search

K

PRIOn knowledge basePRION:CVE-2008-5189

HistoryNov 21, 2008 - 12:00 p.m.

Crlf injection

2008-11-2112:00:00

PRIOn knowledge base

www.prio-n.com

4

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.6%

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CPENameOperatorVersion
railseq1.2.4
railseq0.9.1
railseq0.9.2
railseq0.9.3
railseq0.9.4
railseq0.9.4.1
railseq0.10.0
railseq0.10.1
railseq0.11.0
railseq0.11.1

Rows per page:

1-10 of 491

References

lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

weblog.rubyonrails.org/2008/10/19/response-splitting-risk

www.securityfocus.com/bid/32359

github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.6%

Related for PRION:CVE-2008-5189

openvas8 debiancve1 nessus4 ubuntucve1 fedora5 github1 osv1 cve1