Launchpad.net

CVE 2007-5380

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

Related bugs and status

CVE-2007-5380 (Candidate) is related to these bugs:

Bug #163832: [rails] Several vulnerabilities allowing for file disclosure and theft of user credentials

		In	Importance	Status
163832	[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials	rails (Ubuntu)	Undecided	Fix Released
163832	[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials	rails (Ubuntu Dapper)	Undecided	Won't Fix
163832	[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials	rails (Ubuntu Edgy)	Undecided	Won't Fix
163832	[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials	rails (Ubuntu Feisty)	Undecided	Won't Fix
163832	[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials	rails (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://weblog.rubyonra...
BID: 26096
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-17
SECUNIA: 27657
SUSE: SUSE-SR:2007:025
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2007-12-17
CERT: TA07-352A
SECUNIA: 27965
SECUNIA: 28136
VUPEN: ADV-2007-3508
VUPEN: ADV-2007-4238