CVE Vulnerabilities

CVE-2004-0755

Published: Oct 20, 2004 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Affected Software

Name Vendor Start Version End Version
Ruby Yukihiro_matsumoto 1.6 1.6
Ruby Yukihiro_matsumoto 1.8 1.8
Red Hat Enterprise Linux 3 RedHat ruby-0:1.6.8-9.EL3.2 *
Ruby1.6 Ubuntu dapper *
Ruby1.8 Ubuntu dapper *
Ruby1.8 Ubuntu devel *
Ruby1.8 Ubuntu edgy *
Ruby1.8 Ubuntu feisty *

References