CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ruby_on_rails | Rubyonrails | 0.8.0 | 0.8.0 |
Ruby_on_rails | Rubyonrails | 0.5.7 | 0.5.7 |
Ruby_on_rails | Rubyonrails | 0.7.0 | 0.7.0 |
Rails | Rubyonrails | 1.2.4 | 1.2.4 |
Ruby_on_rails | Rubyonrails | 0.8.5 | 0.8.5 |
Ruby_on_rails | Rubyonrails | 0.6.0 | 0.6.0 |
Ruby_on_rails | Rubyonrails | 0.5.6 | 0.5.6 |
Ruby_on_rails | Rubyonrails | 0.9.0 | 0.9.0 |
Ruby_on_rails | Rubyonrails | 0.5.5 | 0.5.5 |
Ruby_on_rails | Rubyonrails | 0.5.0 | 0.5.0 |
Ruby_on_rails | Rubyonrails | 0.6.5 | 0.6.5 |
Ruby_on_rails | Rubyonrails | * | 2.0.4 |
Rails | Rubyonrails | 0.9.1 | 0.9.1 |
Rails | Rubyonrails | 0.9.2 | 0.9.2 |
Rails | Rubyonrails | 0.9.3 | 0.9.3 |
Rails | Rubyonrails | 0.9.4 | 0.9.4 |
Rails | Rubyonrails | 0.9.4.1 | 0.9.4.1 |
Rails | Rubyonrails | 0.10.0 | 0.10.0 |
Rails | Rubyonrails | 0.10.1 | 0.10.1 |
Rails | Rubyonrails | 0.11.0 | 0.11.0 |
Rails | Rubyonrails | 0.11.1 | 0.11.1 |
Rails | Rubyonrails | 0.12.0 | 0.12.0 |
Rails | Rubyonrails | 0.12.1 | 0.12.1 |
Rails | Rubyonrails | 0.13.0 | 0.13.0 |
Rails | Rubyonrails | 0.13.1 | 0.13.1 |
Rails | Rubyonrails | 0.14.1 | 0.14.1 |
Rails | Rubyonrails | 0.14.2 | 0.14.2 |
Rails | Rubyonrails | 0.14.3 | 0.14.3 |
Rails | Rubyonrails | 0.14.4 | 0.14.4 |
Rails | Rubyonrails | 1.0.0 | 1.0.0 |
Rails | Rubyonrails | 1.1.1 | 1.1.1 |
Rails | Rubyonrails | 1.1.2 | 1.1.2 |
Rails | Rubyonrails | 1.1.3 | 1.1.3 |
Rails | Rubyonrails | 1.1.4 | 1.1.4 |
Rails | Rubyonrails | 1.1.5 | 1.1.5 |
Rails | Rubyonrails | 1.1.6 | 1.1.6 |
Rails | Rubyonrails | 1.2.1 | 1.2.1 |
Rails | Rubyonrails | 1.2.2 | 1.2.2 |
Rails | Rubyonrails | 1.2.3 | 1.2.3 |
Rails | Rubyonrails | 1.2.5 | 1.2.5 |
Rails | Rubyonrails | 1.2.6 | 1.2.6 |
Rails | Rubyonrails | 1.9.5 | 1.9.5 |
Rails | Rubyonrails | 1.1.0 | 1.1.0 |
Rails | Rubyonrails | 1.2.0 | 1.2.0 |
Rails | Rubyonrails | 2.0.1 | 2.0.1 |
Rails | Rubyonrails | 2.0.2 | 2.0.2 |
Rails | Rubyonrails | 2.0.0 | 2.0.0 |
Rails | Rubyonrails | 2.0.0 | 2.0.0 |
Rails | Rubyonrails | 2.0.0 | 2.0.0 |