PT-2007-6432 · Ruby · Ruby On Rails

Published

2007-10-19

·

Updated

2017-10-24

·

CVE-2007-5380

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 1.2.4
Description: The issue allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Recommendations: For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2007-5380
GHSA-JWHV-RGQC-FQJ5

Affected Products

Ruby On Rails