Lucene search

[email protected]NVD:CVE-2007-5380

HistoryOct 19, 2007 - 11:17 p.m.

CVE-2007-5380

2007-10-1923:17:00

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.5%

JSON

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to “URL-based sessions.”

Affected configurations

Nvd

Node

david_hanssonruby_on_railsRange≤1.2.3

VendorProductVersionCPE
david_hanssonruby_on_rails*cpe:2.3:a:david_hansson:ruby_on_rails:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
david_hansson	ruby_on_rails	*	cpe:2.3:a:david_hansson:ruby_on_rails::::::::

References

bugs.gentoo.org/show_bug.cgi?id=195315

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

secunia.com/advisories/27657

secunia.com/advisories/27965

secunia.com/advisories/28136

security.gentoo.org/glsa/glsa-200711-17.xml

weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

www.novell.com/linux/security/advisories/2007_25_sr.html

www.securityfocus.com/bid/26096

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3508

www.vupen.com/english/advisories/2007/4238

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.5%

JSON

Related for NVD:CVE-2007-5380

debiancve2 github2 cve2 prion2 rubygems2 nessus6 ubuntucve2 cvelist2 osv2 openvas8 freebsd1 nvd1 securityvulns2 gentoo2