Session fixation vulnerability in Rails

GHSA-jwhv-rgqc-fqj5 · CVE-2007-5380

Published Oct 24, 2017 · Modified Apr 9, 2025

Description

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2007-5380
ADVISORY https://github.com/advisories/GHSA-jwhv-rgqc-fqj5
PACKAGE https://github.com/rails/rails
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml
WEB http://bugs.gentoo.org/show_bug.cgi?id=195315
WEB http://docs.info.apple.com/article.html?artnum=307179
WEB http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
WEB http://secunia.com/advisories/27657
WEB http://secunia.com/advisories/27965
WEB http://secunia.com/advisories/28136
WEB http://security.gentoo.org/glsa/glsa-200711-17.xml
WEB http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
WEB http://www.novell.com/linux/security/advisories/2007_25_sr.html
WEB http://www.securityfocus.com/bid/26096
WEB http://www.us-cert.gov/cas/techalerts/TA07-352A.html
WEB http://www.vupen.com/english/advisories/2007/3508
WEB http://www.vupen.com/english/advisories/2007/4238

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes