CVSS: 6.8EPSS: 2%CPEs: 139EXPL: 0CVE-2007-6077
https://notcve.org/view.php?id=CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. El mecanismo de protección de fijación de sesión en el archivo cgi_process.rb en Rails versión 1.2.4, como es usado en Ruby on Rails, elimina el atributo :cookie_only de la constante DEFAULT_SESSION_OPTIONS, lo que causa efectivamente que cookie_only se aplique solo a la primera instancia de CgiRequest, lo que permite a atacantes remotos conducir ataques de fijación de sesión. NOTA: esto es debido a una corrección incompleta para el CVE-2007-5380. • http://dev.rubyonrails.org/changeset/8177 http://dev.rubyonrails.org/ticket/10048 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27781 http://secunia.com/advisories/28136 http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release http://www.securityfocus.com/bid/26598 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5379
https://notcve.org/view.php?id=CVE-2007-5379
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. El Rails anterior al 1.2.4, como el utilizado en el "Ruby on Rails", permite a atacantes remotos y a los servidores ActiveResource determinar la existencia de ficheros de su elección y leer ficheros XML de su elección a través del método Hash.from_xml (Hash#from_xml), el cual utiliza XmlSimple (XML::Simple) en modo no seguro, como lo demostrado leyendo las contraseñas del fichero Pidgin (Gaim) .purple/accounts.xml. • http://bugs.gentoo.org/show_bug.cgi?id=195315 http://dev.rubyonrails.org/ticket/8453 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://osvdb.org/40717 http://secunia.com/advisories/27657 http://secunia.com/advisories/28136 http://security.gentoo.org/glsa/glsa-200711-17.xml http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release http://www.securityfocus.com/bid/26096 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-5380
https://notcve.org/view.php?id=CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." Vulnerabilidad de fijación de sesión en el Rails anterior al 1.2.4, como el utilizado en el "Ruby on Rails", permite a atacantes remotos secuestrar la sesión web a través de vectores sin especificar relacionados con las "sesiones basadas en URL". • http://bugs.gentoo.org/show_bug.cgi?id=195315 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/27657 http://secunia.com/advisories/27965 http://secunia.com/advisories/28136 http://security.gentoo.org/glsa/glsa-200711-17.xml http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release http://www.novell.com/linux/security/advisories/2007_25_sr.html http:&# •
CVSS: 7.5EPSS: 2%CPEs: 33EXPL: 0CVE-2006-4111
https://notcve.org/view.php?id=CVE-2006-4111
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. Ruby on Rails anterior a 1.1.5 permite a un atacante remoto ejecutar código Ruby con un impacto "severo" o "serio" a través de una respuesta File Upload con una cabecera HTTP que modifica la variable LOAD_PATH, una vulnerabilidad diferente que CVE-2006-4112. • http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html http://secunia.com/advisories/21466 http://secunia.com/advisories/21749 http://securitytracker.com/id?1016673 http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.securityfocus.com/bid/19454 http://www.vupen.com/english/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •