FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rest-client -- session fixation vulnerability

Affected packages
rubygem-rest-client < 1.6.7_1

Details

VuXML ID 83a7a720-07d8-11e5-9a28-001e67150279
Discovery 2015-03-24
Entry 2015-05-31
Modified 2015-09-28

Andy Brody reports:

When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration.

[source]

References

CVE Name CVE-2015-1820
FreeBSD PR ports/200504
URL https://github.com/rest-client/rest-client/issues/369

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.