6 matches found
openSUSE Security Update : rubygem-actionpack-2_3 (rubygem-actionpack-2_3-1934)
This update of rubygems fixes two vulnerabilities: - CVE-2008-7248: CVSS v2 Base Score: 4.3 Rails CSRF protection can be bypassed by using special content-types for an HTTP request. - CVE-2009-4214: CVSS v2 Base Score: 4.3 The method strip_tags does not completely protect against XSS attacks...
openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)
This update of rubygems fixes two vulnerabilities: - CVE-2008-7248: CVSS v2 Base Score: 4.3 Rails CSRF protection can be bypassed by using special content-types for an HTTP request. - CVE-2009-4214: CVSS v2 Base Score: 4.3 The method strip_tags does not completely protect against XSS attacks...
openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)
This update of rubygems fixes two vulnerabilities: - CVE-2008-7248: CVSS v2 Base Score: 4.3 Rails CSRF protection can be bypassed by using special content-types for an HTTP request. - CVE-2009-4214: CVSS v2 Base Score: 4.3 The method strip_tags does not completely protect against XSS attacks...
Gentoo Security Advisory GLSA 200912-02 (rails)
The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2008-7248
Affected software / component: Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 in which CSRF protection relies on token verification. Vulnerability / root cause: Rails CSRF protection can be bypassed because tokens are not verified for requests with certain content types (demonstrated with ...
CVE-2008-7248
creationtimestamp| type| source
---|---|---
2009-12-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33402...