CVE-2004-0755
Published 2004-10-20
Priority: P45 · low · 2.1 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.36% (28.3th percentile)
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yukihiro_matsumoto | ruby | — | — |
| yukihiro_matsumoto | ruby | — | — |
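CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 2.1 | LOW | — |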
GHSA
GHSA-59m9-8c72-5426: The FileStore capability in CGI::Session for Ruby before 1
ghsa_unreviewed·2022-04-29
CVE-2004-0755 [LOW] GHSA-59m9-8c72-5426: The FileStore capability in CGI::Session for Ruby before 1
Red Hat
security flaw
vendor_redhat·2004-07-22·CVSS 2.1
CVE-2004-0755 [LOW] security flaw
No detection rules found.
References
http://secunia.com/advisories/12290/
http://www.debian.org/security/2004/dsa-537
http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
https://exchange.xforce.ibmcloud.com/vulnerabilities/16996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128