Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score (CVSS v2 base): 5.0
CVE Id: CVE-2008-5189
Last Modified: 06 Jul 2012 12:00:00
Published: 21 Nov 2008 07:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-5189

Summary

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL passed to the redirect_to function. The carriage return and line feed characters arrive URL-encoded (%0d%0a) in a request parameter that the application hands unchecked to redirect_to; because the value is written into the Location header, the encoded line breaks terminate that header and let the attacker append further headers and a second response body.
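The mechanics described in the summary, as an added example that is not part of this page or of the Rails code base: a naive redirect that copies its argument into the Location header, the crafted parameter that splits the response, what the client then sees, and a hardened variant that refuses CR/LF. The function names, the ResponseSplittingError class, the constructed CRAFTED_PARAM value and the log check are all assumptions made for this example; the hardened check illustrates the bug class and is not the Rails 2.0.5 patch referenced below.

```ruby
require "cgi"

# Added illustration of the CVE-2008-5189 bug class. None of this is Rails
# source; the names (naive_redirect_response, safe_redirect_response, etc.)
# and the crafted parameter are constructed for the example.

# What a redirect_to that copies its argument straight into the Location header
# emits on the wire. No sanitising, as in Rails before 2.0.5.
def naive_redirect_response(target)
  "HTTP/1.1 302 Found\r\nLocation: #{target}\r\nContent-Type: text/html\r\n\r\n"
end

# Hardened variant: reject any target that contains CR or LF, so the value can
# never terminate the Location line. This check is written for this example;
# it is not the Rails 2.0.5 patch itself.
class ResponseSplittingError < ArgumentError; end

def safe_redirect_response(target)
  if target =~ /[\r\n]/
    raise ResponseSplittingError, "CR/LF in redirect target: #{target.inspect}"
  end
  naive_redirect_response(target)
end

# Split a raw response the way a client does: status line, then header lines up
# to the first empty line, then the body. Returns [headers, body] where headers
# is an array of [name, value] pairs.
def client_view(raw)
  head, body = raw.split("\r\n\r\n", 2)
  lines = head.split("\r\n")
  lines.shift # drop the status line
  headers = lines.map do |line|
    name, value = line.split(":", 2)
    [name.strip, value.to_s.strip]
  end
  [headers, body.to_s]
end

# Constructed attacker input, as it would appear in ?url=... before the
# framework URL-decodes it. %0d%0a is CR LF; the doubled pair ends the header
# block so everything after it becomes an attacker-authored body.
CRAFTED_PARAM = "http://example.com/%0d%0aSet-Cookie:%20session=attacker%0d%0a%0d%0a<html>pwned</html>"

# The value redirect_to actually receives (Rails decodes params before the
# action runs).
def decoded_target(param = CRAFTED_PARAM)
  CGI.unescape(param)
end

# Headers and body the client sees from the unsanitised redirect.
def split_response_view(param = CRAFTED_PARAM)
  client_view(naive_redirect_response(decoded_target(param)))
end

# Detection: flag query strings carrying encoded or literal CR/LF into a
# redirect parameter. Meant for request logs or a WAF rule, not as the fix.
def suspicious_redirect_param?(raw_query)
  !!(raw_query =~ /%0[dD]|%0[aA]|[\r\n]/)
end

# Version check matching the summary's "before 2.0.5".
def vulnerable_version?(version_string)
  Gem::Version.new(version_string) < Gem::Version.new("2.0.5")
end

if __FILE__ == $0
  headers, body = split_response_view
  puts "Injected headers: #{headers.inspect}"
  puts "Attacker body: #{body.inspect}"
  begin
    safe_redirect_response(decoded_target)
  rescue ResponseSplittingError => e
    puts "Hardened redirect rejected it: #{e.message}"
  end
end
```

Running the file shows the Set-Cookie header the attacker smuggled in and the attacker-controlled body that follows the second CRLF pair, then the hardened redirect raising on the same input. The log check is deliberately broad (any %0d or %0a in a query string) and will produce false positives on legitimately encoded data; it is a triage signal, not a blocker.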

Vulnerable Systems

Application

  • Ruby On Rails 0.5.0
  • Ruby On Rails 0.5.5
  • Ruby On Rails 0.5.6
  • Ruby On Rails 0.5.7
  • Ruby On Rails 0.6.0
  • Ruby On Rails 0.6.5
  • Ruby On Rails 0.7.0
  • Ruby On Rails 0.8.0
  • Ruby On Rails 0.8.5
  • Ruby On Rails 0.9.0
  • Ruby On Rails 0.9.1
  • Ruby On Rails 0.9.2
  • Ruby On Rails 0.9.3
  • Ruby On Rails 0.9.4
  • Ruby On Rails 0.9.4.1
  • Ruby On Rails 0.10.0
  • Ruby On Rails 0.10.1
  • Ruby On Rails 0.11.0
  • Ruby On Rails 0.11.1
  • Ruby On Rails 0.12.0
  • Ruby On Rails 0.12.1
  • Ruby On Rails 0.13.0
  • Ruby On Rails 0.13.1
  • Ruby On Rails 0.14.1
  • Ruby On Rails 0.14.2
  • Ruby On Rails 0.14.3
  • Ruby On Rails 0.14.4
  • Ruby On Rails 1.0.0
  • Ruby On Rails 1.1.0
  • Ruby On Rails 1.1.1
  • Ruby On Rails 1.1.2
  • Ruby On Rails 1.1.3
  • Ruby On Rails 1.1.4
  • Ruby On Rails 1.1.5
  • Ruby On Rails 1.1.6
  • Ruby On Rails 1.2.0
  • Ruby On Rails 1.2.1
  • Ruby On Rails 1.2.2
  • Ruby On Rails 1.2.3
  • Ruby On Rails 1.2.4
  • Ruby On Rails 1.2.5
  • Ruby On Rails 1.2.6
  • Ruby On Rails 1.9.5
  • Ruby On Rails 2.0.0
  • Ruby On Rails 2.0.1
  • Ruby On Rails 2.0.2
  • Ruby On Rails 2.0.4

References

BID: 32359
CONFIRM: http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk
CONFIRM: http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing
SUSE: SUSE-SR:2008:027
CONFIRM: http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

Last Updated: 27 May 2016 10:54:50