2 matches found
SUSE CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
Ruby CGI Session Management Insecure File Permission Vulnerability
Overview Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak. Impact An attacker could hijack sessions utilizing stolen information. Solution Please refer to the 'Vendor Information' section for official...