CVE

Id
35306  
CVE No.
CVE-2008-5189  
Status
Candidate  
Description
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.  
Phase
Assigned (20081120)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
387030 35306 CVE-2008-5189 CONFIRM:http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d  View
387031 35306 CVE-2008-5189 CONFIRM:http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing  View
387032 35306 CVE-2008-5189 CONFIRM:http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk  View
387033 35306 CVE-2008-5189 SUSE:SUSE-SR:2008:027  View
387034 35306 CVE-2008-5189 URL:http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html  View
387035 35306 CVE-2008-5189 BID:32359  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49783 JVNDB-2008-005093 W1L3D4 Philboard の search.asp におけるクロスサイトスクリプティングの脆弱性 W1L3D4 Philboard の search.asp には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-5193 35306 4.3 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005093.html  View