CVE-2008-5189: CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…

CVE-2008-5189 [MEDIUM] rails is vulnerable to CRLF injection rails is vulnerable to CRLF injection CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CVE-2008-5189 [MEDIUM] CWE-352 rails is vulnerable to CRLF injection rails is vulnerable to CRLF injection CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CVE-2008-5189 [MEDIUM] CVE-2008-5189: CRLF injection vulnerability in Ruby on Rails before 2 CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CVE-2008-5189 [MEDIUM] rubygems-actionpack: redirect HTTP header injection vulnerability rubygems-actionpack: redirect HTTP header injection vulnerability CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

CVE-2008-5189 [MEDIUM] CVE-2008-5189: rails - CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attacke... CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. Scope: local bookworm: resolved (fixed in 2.1.0-6) bullseye: resolved (fixed in 2.1.0-6) forky: resolved (fixed in 2.1.0-6) sid: resolved (fixed in 2.1.0-6) trixie: resolved (fixed in 2.1.0-6)

CVE-2008-5189 [MEDIUM] ruby: HTTP response splitting issue in CGI module ruby: HTTP response splitting issue in CGI module HTTP response splitting issue was reported for Rails: http://weblog.rubyonrails.com/2008/10/19/response-splitting-risk This issue was assigned CVE id CVE-2008-5189 and is tracked via bug #472510. The underlying issue exists in the Ruby's CGI module. Following patch was proposed for Ruby's CGI module: http://article.gmane.org/gmane.comp.lang.ruby.core/18709 It does not seem to have been committed upstream yet. References: http://bugs.gentoo.org/show_bug.cgi?id=242914 Discussion: Hi guys, I don't think this patch should be applied. * Upstream did not accepted the proposed patch and it is not in upstream [1] * It breaks conformity to standard * Neither Gentoo applied this patch as can be seen from link above * Rails handles the issue.

CVE-2008-5189 [HIGH] CVE-2008-5189 rubygems-actionpack: redirect HTTP header injection vulnerability CVE-2008-5189 rubygems-actionpack: redirect HTTP header injection vulnerability Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5189 to the following vulnerability: CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189 http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk http://www.securityfocus.com/bid/32359 Note: The "offet-limit-sanitization" issue was originall