Vulnerabilities > Rubyonrails > Rails > 1.2.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-21 | CVE-2007-6077 | Race Condition vulnerability in Rubyonrails Rails 1.2.4 The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. | 6.8 |