Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Remediation

References

CVE-2008-5189

Related Vulnerabilities

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1576)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.28)

WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)

PrestaShop Improper Authentication Vulnerability (CVE-2021-21308)

PHP NULL Pointer Dereference Vulnerability (CVE-2021-21702)

Severity

Medium

Classification

CVE-2008-5189 CWE-352

Tags

Missing Update Known Vulnerabilities