Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 9:4 p.m.39 views

Security Bulletin: Vulnerability in RubyGems rest-client affects IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-1820)

Summary RubyGems rest-client component vulnerability allows for hijacking user session. Vulnerability Details CVE-ID: CVE-2015-1820 Description: RubyGems rest-client could allow a remote attacker to hijack a valid user''s session, caused by Set-Cookie headers being present in an HTTP 30x...

9.8CVSS8AI score0.04345EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2017/08/09 6:0 p.m.35 views

CVE-2015-1820

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS9.3AI score0.04345EPSS
Exploits0
CVE
CVE
added 2017/08/09 6:0 p.m.107 views

CVE-2015-1820

The CVE-2015-1820 vulnerability affects the RubyGem rest-client (REST client for Ruby) up to version 1.8.0, where Set-Cookie headers in HTTP 30x redirects can be reused by an attacker to hijack a user session or access cookies. The connected documents corroborate this issue across multiple source...

9.8CVSS9AI score0.04345EPSS
Exploits0References4Affected Software1
Mageia
Mageia
added 2015/05/15 6:23 p.m.53 views

Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References4
RubySec
RubySec
added 2015/03/24 12:0 a.m.39 views

CVE-2015-1820 rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS8.6AI score0.04345EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder