Ruby on Rails Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability - CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant. As a result, cookie_only is effectively applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
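The shared-constant mutation described above, shown as an added example that is not the Rails source: a simplified model in which the class names, the `outcomes` helper and the sample session id are hypothetical, and `cookie_only` is assumed to mean that a session id is accepted only from a cookie. It contrasts reading the option with a mutating `delete` against reading it from a copy, and shows that freezing the defaults surfaces the mutation immediately.

```ruby
class SessionFixationAttempt < StandardError; end

# Flawed pattern: Hash#delete reads :cookie_only AND removes it from the
# hash object that every later request shares.
class MutatingRequest
  def initialize(params, cookies, options)
    @params, @cookies = params, cookies
    @cookie_only = options.delete(:cookie_only)  # mutates the shared defaults
    @session_key = options[:session_key]
  end

  def session_id
    # With cookie_only set, a session id arriving as a request parameter is refused.
    raise SessionFixationAttempt if @cookie_only && @params.key?(@session_key)
    @params[@session_key] || @cookies[@session_key]
  end
end

# Hardened pattern: work on a per-request copy so the defaults never change.
class CopyingRequest < MutatingRequest
  def initialize(params, cookies, options)
    super(params, cookies, options.dup)
  end
end

# Send the same parameter-supplied session id (constructed sample value)
# through several instances that share one defaults hash.
def outcomes(klass, requests = 3)
  shared_defaults = { :session_key => "_session_id", :cookie_only => true }
  (1..requests).map do
    req = klass.new({ "_session_id" => "constructed-sample-id" }, {}, shared_defaults)
    begin
      req.session_id
      :accepted
    rescue SessionFixationAttempt
      :rejected
    end
  end
end

# Freezing the defaults turns the silent mutation into an immediate error.
def frozen_defaults_block_mutation?
  MutatingRequest.new({}, {}, { :cookie_only => true }.freeze)
  false
rescue RuntimeError  # FrozenError on Ruby >= 2.5
  true
end

puts "mutating: #{outcomes(MutatingRequest).inspect}"
puts "copying:  #{outcomes(CopyingRequest).inspect}"
```

Only the first `MutatingRequest` rejects the parameter-supplied id; every `CopyingRequest` rejects it.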