Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Remediation

References

CVE-2008-5189

Related Vulnerabilities

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-0792)

Oracle JRE CVE-2023-21939 Vulnerability (CVE-2023-21939)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.26)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4285)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.10)

Severity

Medium

Classification

CVE-2008-5189 CWE-352

Tags

Missing Update Known Vulnerabilities