Vulnerability Name:

CVE-2007-6077 (CCN-38650)

Assigned:2007-11-21
Published:2007-11-21
Updated:2019-08-08
Summary:The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks.
Note: this is due to an incomplete fix for CVE-2007-5380.
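Constructed Ruby model of the defect the summary describes (added here; it is not Rails' cgi_process.rb, and the class and method names are assumptions): the buggy request deletes :cookie_only from a defaults hash that every request shares, so only the first request keeps the flag, while the fixed variant works on a per-request copy.

```ruby
# Constructed illustration of the CVE-2007-6077 defect class; not Rails' own
# cgi_process.rb. A shared defaults hash (standing in for the DEFAULT_SESSION_OPTIONS
# constant) is mutated by the first request, so :cookie_only is gone for every
# request that follows.

def default_session_options
  { session_key: "_session_id", cookie_only: true }
end

# Buggy variant: deletes :cookie_only from the shared hash itself (the session
# store does not understand that key), so the mutation is visible to everyone.
class BuggyRequest
  attr_reader :cookie_only, :store_options
  def initialize(shared_defaults)
    options = shared_defaults            # alias of the shared hash, not a copy
    @cookie_only = options.delete(:cookie_only) ? true : false
    @store_options = options
  end
end

# Fixed variant: Hash#dup gives a fresh hash, so the delete leaves the shared
# defaults intact and :cookie_only stays on for every request.
class FixedRequest
  attr_reader :cookie_only, :store_options
  def initialize(shared_defaults)
    options = shared_defaults.dup        # per-request copy
    @cookie_only = options.delete(:cookie_only) ? true : false
    @store_options = options
  end
end

# The fixation guard that depends on the flag: a session id arriving in the
# query string is refused only while cookie_only is in force.
def query_session_id_refused?(request, query_params)
  request.cookie_only && query_params.key?(request.store_options[:session_key])
end

# Flag observed by each of n successive requests sharing one defaults hash.
def cookie_only_per_request(request_class, n)
  shared = default_session_options
  Array.new(n) { request_class.new(shared).cookie_only }
end

# Whether each of n successive requests refuses a query-string session id.
def refusals_per_request(request_class, n)
  shared = default_session_options
  query = { "_session_id" => "constructed-id-from-query" }  # constructed input
  Array.new(n) { query_session_id_refused?(request_class.new(shared), query) }
end
```

With the buggy class only the first of three requests refuses a query-string session id; with the fixed class all three do.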
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST
Apple OS X Software Update Remote Command Execution

Source: MITRE
Type: CNA
CVE-2007-6077

Source: CONFIRM
Type: UNKNOWN
http://dev.rubyonrails.org/changeset/8177

Source: CCN
Type: Ruby on Rails Web site: Rails Trac Ticket #10048
[PATCH] Session fixation (cookie_only) functionality is broken

Source: CONFIRM
Type: Patch
http://dev.rubyonrails.org/ticket/10048

Source: CCN
Type: Apple Web site
About Security Update 2007-009

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307179

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-17

Source: CCN
Type: SA27781
Ruby on Rails Session Fixation Security Issue

Source: SECUNIA
Type: Vendor Advisory
27781

Source: CCN
Type: SA28136
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28136

Source: CONFIRM
Type: UNKNOWN
http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

Source: CCN
Type: GLSA-200912-02
Ruby on Rails: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 39193
Ruby on Rails cgi_process.rb Cookie Related Session Fixation

Source: BID
Type: UNKNOWN
26598

Source: CCN
Type: BID-26598
Ruby on Rails Session Fixation Vulnerability

Source: CERT
Type: US Government Resource
TA07-352A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4009

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4238

Source: XF
Type: UNKNOWN
rails-cookieonly-session-hijacking(38650)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.9:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:rubyonrails:rails:3.0.4:-:*:*:*:*:*:*
