Description

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

Remediation

References

CVE-2011-3186

Related Vulnerabilities

Apache HTTP Server Off-by-one Error Vulnerability (CVE-2005-1268)

Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)

Oracle JRE CVE-2011-3546 Vulnerability (CVE-2011-3546)

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8354)

WordPress Plugin M-vSlider SQL Injection (2.1.3)

Severity

Medium

Classification

CVE-2011-3186 CWE-94

Tags

Missing Update Known Vulnerabilities