CVE-2007-5380

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via…

mitre·NVD-CWE-Other·Published 2007-10-19

CVSS

—

EPSS

0.04

KEV

Exploits

cve.orgen

184 chars

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

NVDen

184 chars

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

OSV.deven

184 chars

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

GHSAen

184 chars

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

NVDes

246 chars

Vulnerabilidad de fijación de sesión en el Rails anterior al 1.2.4, como el utilizado en el "Ruby on Rails", permite a atacantes remotos secuestrar la sesión web a través de vectores sin especificar relacionados con las "sesiones basadas en URL".

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P