7 matches found
CAN-2004-0755
CVE-2004-0755 relates to Ruby CGI::Session's FileStore creating session files with insecure permissions, potentially allowing session information leakage. The JVN entry describes the issue, noting improper file permissions in CGI::Session FileStore. Fedo ra advisories mention a security fix and p...
Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)
Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues CVE-2004-0755. The ruby developers have corrected a problem in the ruby CGI...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...
Fedora Core 2 : ruby-1.8.1-6 (2004-264)
Thu Aug 19 2004 Akira TAGOH 1.8.1-6 - security fix CVE-2004-0755 - ruby-1.8.1-cgisessionperms.patch: sets the permission of the session data file to 0600. 130063 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
CVE-2004-0755
The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...
CVE-2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...