ID CVE-2007-5380
Summary Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
References
Vulnerable Configurations
  • cpe:2.3:a:david_hansson:ruby_on_rails:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 08-03-2011 - 03:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2007-12-17
bid 26096
cert TA07-352A
confirm
gentoo GLSA-200711-17
secunia
  • 27657
  • 27965
  • 28136
suse SUSE-SR:2007:025
vupen
  • ADV-2007-3508
  • ADV-2007-4238
Last major update 08-03-2011 - 03:00
Published 19-10-2007 - 23:17