CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:*
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-10-20 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2004-0755

Mitre link : CVE-2004-0755

CVE.ORG link : CVE-2004-0755


JSON object : View

Products Affected

yukihiro_matsumoto

  • ruby