5 matches found
Mac OS X Security Update 2007-009
The remote host is missing Security Update 2007-009. One or more of the following components are affected: Address Book CFNetwork ColorSync Core Foundation CUPS Desktop Services Flash Player Plug-in GNU Tar iChat IO Storage Family Launch Services Mail perl python Quick Look ruby Safari Safari RSS...
Gentoo Security Advisory GLSA 200912-02 (rails)
The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
rubygem-rails -- session-fixation vulnerability
Rails core team reports: The rails core team has released ruby on rails 1.2.6 to address a bug in the fix for session fixation attacks CVE-2007-5380. The CVE Identifier for this new issue is CVE-2007-6077...
CVE-2007-6077
The session fixation protection mechanism in cgiprocess.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookieonly attribute from the DEFAULTSESSIONOPTIONS constant, which effectively causes cookieonly to be applied only to the first instantiation of CgiRequest, which allows remote...
CVE-2007-6077
The CVE-2007-6077 issue affects Ruby on Rails (Rails 1.2.4) in the session handling code: the session fixation protection in cgi_process.rb removes the :cookie_only attribute from DEFAULT_SESSION_OPTIONS, causing cookie_only to apply only to the first CgiRequest instance. This enables remote atta...