• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Yukihiro Matsumoto Ruby CGI Session Management Insecure File Permissions Vulnerability

It is reported that Ruby is prone to an insecure file permissions vulnerability. This issue affects the CGI session management component of the application.

This issue may allow a local attacker with access to a vulnerable Web server to hijack a session.

Ruby versions prior to 1.6.7 and 1.8.1 are affected by the issue.