Sha256: 0a539d7c67834da8cceb19bd0f9c73d6dedcf370d48756e39e3e709c67381eed

Contents?: true

Size: 867 Bytes

Versions: 6

Compression:

Stored size: 867 Bytes

Contents

---
gem: rest-client
cve: 2015-1820
osvdb: 119878
url: https://github.com/rest-client/rest-client/issues/369
title: 'rubygem-rest-client: session fixation vulnerability via Set-Cookie headers in 30x redirection responses'
date: 2015-03-24
description: |
  rest-client in abstract_response.rb improperly handles Set-Cookie headers on
  HTTP 30x redirection responses. Any cookies will be forwarded to the
  redirection target regardless of domain, path, or expiration.

  If you control a redirection source, you can cause rest-client to perform a
  request to any third-party domain with cookies of your choosing, which may be
  useful in performing a session fixation attack.

  If you control a redirection target, you can steal any cookies set by the
  third-party redirection request.
cvss_v2:
unaffected_versions:
  - "<= 1.6.0"
patched_versions:
  - ">= 1.8.0"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/rest-client/CVE-2015-1820.yml