Class: Dawn::Kb::OSVDB_119878

# File 'lib/dawn/kb/osvdb_119878.rb', line 10

def initialize
      message="rest-client Gem for Ruby contains a flaw in abstract_response.rb related to the handling of set-cookie headers in redirection responses that allows a remote, user-assisted attacker to conduct a session fixation attack. This flaw exists because the application, when establishing a new session, does not invalidate an existing session identifier and assign a new one. With a specially crafted request fixating the session identifier, a context-dependent attacker can ensure a user authenticates with the known session identifier, allowing the session to be subsequently hijacked."

      super({
        :name=> "OSVDB_119878",
        :cve=>"2015-1820",
        :osvdb=>"119878",
        :cvss=>"",
        :release_date => Date.new(2015, 3, 24),
        :cwe=>"",
        :owasp=>"A9",
        :applies=>["rails", "sinatra", "padrino"],
        :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
        :message=>message,
        :mitigation=>"Please upgrade rest-client gem version to 1.8.0 or later.",
        :aux_links=>["https://github.com/rest-client/rest-client/issues/369"]
       })
      self.safe_dependencies = [{:name=>"rest-client", :version=>['1.8.0', '2.0.0.rc1', '2.0.0.rc2']}]

end

Class: Dawn::Kb::OSVDB_119878

Overview

Constant Summary

Constants included from BasicCheck

Instance Attribute Summary

Attributes included from DependencyCheck

Attributes included from BasicCheck

Instance Method Summary collapse

Methods included from DependencyCheck

Methods included from BasicCheck

Methods included from Utils

Constructor Details

#initialize ⇒ OSVDB_119878

#initialize ⇒ `OSVDB_119878`