Date: Thu, 20 Nov 2008 21:09:29 -0500 (EST)
From: "Steven M. Christey" <>
cc: "Steven M. Christey" <>
Subject: Re: CVE Request: ruby on rails header injection

Name: CVE-2008-5189
Status: Candidate
Reference: CONFIRM:
Reference: CONFIRM:
Reference: CONFIRM:
Reference: BID:32359
Reference: URL:

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via a crafted URL to the redirect_to
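
The header-injection class described above, shown from the defender's side as an added example that is not part of the original message and is not Rails code. All function names and the sample URLs are constructed for illustration, and rejecting control characters is one assumed mitigation, not the project's actual fix.

```ruby
require "uri"

# Hypothetical error type for this illustration.
class UnsafeRedirectTarget < ArgumentError; end

# Constructed sample: a redirect target carrying a raw CR/LF pair.
SAMPLE_TARGET = "http://example.test/home\r\nX-Constructed: 1"

# Naive construction: the caller-supplied URL is copied verbatim, so a CR or
# LF inside it ends the Location line and begins a new header line.
def naive_location_header(url)
  "Location: #{url}\r\n"
end

# Hardened construction: refuse any target that contains an ASCII control
# character instead of trying to repair it.
def safe_location_header(url)
  target = url.to_s
  if target.match?(/[\x00-\x1f\x7f]/)
    raise UnsafeRedirectTarget, "control character in redirect target"
  end
  "Location: #{target}\r\n"
end

# Split a serialized header block the way a lenient HTTP parser would,
# so the effect of an embedded line break becomes countable.
def header_lines(block)
  block.split(/\r\n|\r|\n/).reject(&:empty?)
end

# Detection helper for request logs: true when a still-encoded parameter
# value decodes to something containing CR or LF. Malformed percent-encoding
# is flagged as well so it gets reviewed rather than silently passed.
def crlf_in_param?(raw_value)
  URI.decode_www_form_component(raw_value).match?(/[\r\n]/)
rescue ArgumentError
  true
end
```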
