12 matches found

Github Security Blog
added 2017/10/24 6:33 p.m., 33 views

session fixation protection mechanism in cgi_process.rb in Rails

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...

CVSS 6.8, AI score 6.3, EPSS 0.02512
Exploits 0, References 15, Affected Software 1
OpenVAS
added 2010/05/12 12:00 a.m., 272 views

Mac OS X Security Update 2007-009

The remote host is missing Security Update 2007-009. One or more of the following components are affected: Address Book, CFNetwork, ColorSync, Core Foundation, CUPS, Desktop Services, Flash Player Plug-in, GNU Tar, iChat, IO Storage Family, Launch Services, Mail, perl, python, Quick Look, ruby, Safari, Safari RSS...

CVSS 10, AI score 8.6, EPSS 0.70386
Exploits 24
OpenVAS
added 2009/12/30 12:00 a.m., 60 views

Gentoo Security Advisory GLSA 200912-02 (rails)

The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 7.5, AI score 0.7, EPSS 0.0808
Exploits 5
OpenVAS
added 2008/09/24 12:00 a.m., 39 views

Gentoo Security Advisory GLSA 200711-17 (rails)

The remote host is missing updates announced in advisory GLSA 200711-17. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 6.8, EPSS 0.03969
Exploits 1
OpenVAS
added 2008/09/24 12:00 a.m., 20 views

Gentoo Security Advisory GLSA 200711-17 (rails)

The remote host is missing updates announced in advisory GLSA 200711-17. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8, AI score 9.6, EPSS 0.03969
Exploits 1, References 3
Tenable Nessus
added 2007/11/30 12:00 a.m., 38 views

openSUSE 10 Security Update : rubygem-actionpack (rubygem-actionpack-4754)

Malicious users could specify their session-ID in the URL and could gain access to an authenticated session that way (CVE-2007-5380). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 6.8, AI score 5.3, EPSS 0.03576
Exploits 0, References 1
FreeBSD
added 2007/11/24 12:00 a.m., 39 views

rubygem-rails -- session-fixation vulnerability

Rails core team reports: The rails core team has released ruby on rails 1.2.6 to address a bug in the fix for session fixation attacks (CVE-2007-5380). The CVE Identifier for this new issue is CVE-2007-6077...

CVSS 6.8, AI score 6.4, EPSS 0.03576
Exploits 0
UbuntuCve
added 2007/11/21 9:46 p.m., 26 views

CVE-2007-6077

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...

CVSS 6.8, AI score 5.9, EPSS 0.02512
Exploits 0, References 3
Prion
added 2007/11/21 9:46 p.m., 23 views

Session fixation

The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote...

CVSS 6.8, AI score 6.5, EPSS 0.03576
Exploits 0, References 11, Affected Software 1
securityvulns
added 2007/11/15 12:00 a.m., 73 views

[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities

PGP signed message (Hash: SHA1). Gentoo Linux Security Advisory GLSA 200711-17. http://security.gentoo.org/ ...

CVSS 6.8, AI score 9.9, EPSS 0.03969
Exploits 1
OSV
added 2007/10/19 11:17 p.m., 7 views

CVE-2007-5380

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...

AI score 6.3
Exploits 0, References 13
CVE
added 2007/10/19 11:00 p.m., 106 views

CVE-2007-5380

CVE-2007-5380 affects Ruby on Rails

CVSS 6.8, AI score 9.2, EPSS 0.03576
Exploits 0, References 13, Affected Software 1