Lucene search

MitreCVELIST:CVE-2008-5189

HistoryNov 21, 2008 - 11:00 a.m.

CVE-2008-5189

2008-11-2111:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.5%

JSON

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

References

github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

weblog.rubyonrails.org/2008/10/19/response-splitting-risk

www.securityfocus.com/bid/32359