Page 5 of 41 results (0.002 seconds)
CVSS: 6.8EPSS: 4%CPEs: 139EXPL: 0
CVSS: 6.8EPSS: 4%CPEs: 139EXPL: 0CVE-2007-6077
https://notcve.org/view.php?id=CVE-2007-6077
21 Nov 2007 — The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. El mecanismo de protección de fijación de sesión en el archivo cgi_process.rb en Rails versión 1.2.4, como es... • http://dev.rubyonrails.org/changeset/8177 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •