5 matches found
Security Bulletin: Vulnerability in RubyGems rest-client affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-1820)
Summary RubyGems rest-client component vulnerability allows for hijacking user session. Vulnerability Details CVE-ID: CVE-2015-1820 Description: RubyGems rest-client could allow a remote attacker to hijack a valid user''s session, caused by Set-Cookie headers being present in an HTTP 30x...
CVE-2015-1820
REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...
CVE-2015-1820
The CVE-2015-1820 vulnerability affects the RubyGem rest-client (REST client for Ruby) up to version 1.8.0, where Set-Cookie headers in HTTP 30x redirects can be reused by an attacker to hijack a user session or access cookies. The connected documents corroborate this issue across multiple source...
Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses
REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...