CVE-2008-5189

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Affected products

rubyonrails / rails0.9.1 – 0.9.1
rubyonrails / rails0.9.2 – 0.9.2
rubyonrails / rails0.9.3 – 0.9.3
rubyonrails / rails0.9.4 – 0.9.4
rubyonrails / rails0.9.4.1 – 0.9.4.1
rubyonrails / rails0.10.0 – 0.10.0
rubyonrails / rails0.10.1 – 0.10.1
rubyonrails / rails0.11.0 – 0.11.0
rubyonrails / rails0.11.1 – 0.11.1
rubyonrails / rails0.12.0 – 0.12.0
rubyonrails / rails0.12.1 – 0.12.1
rubyonrails / rails0.13.0 – 0.13.0
rubyonrails / rails0.13.1 – 0.13.1
rubyonrails / rails0.14.1 – 0.14.1
rubyonrails / rails0.14.2 – 0.14.2
rubyonrails / rails0.14.3 – 0.14.3
rubyonrails / rails0.14.4 – 0.14.4
rubyonrails / rails1.0.0 – 1.0.0
rubyonrails / rails1.1.0 – 1.1.0
rubyonrails / rails1.1.1 – 1.1.1
rubyonrails / rails1.1.2 – 1.1.2
rubyonrails / rails1.1.3 – 1.1.3
rubyonrails / rails1.1.4 – 1.1.4
rubyonrails / rails1.1.5 – 1.1.5
rubyonrails / rails1.1.6 – 1.1.6
rubyonrails / rails1.2.0 – 1.2.0
rubyonrails / rails1.2.1 – 1.2.1
rubyonrails / rails1.2.2 – 1.2.2
rubyonrails / rails1.2.3 – 1.2.3
rubyonrails / rails1.2.4 – 1.2.4
rubyonrails / rails1.2.5 – 1.2.5
rubyonrails / rails1.2.6 – 1.2.6
rubyonrails / rails1.9.5 – 1.9.5
rubyonrails / rails2.0.0 – 2.0.0
rubyonrails / rails2.0.0 – 2.0.0
rubyonrails / rails2.0.0 – 2.0.0
rubyonrails / rails2.0.1 – 2.0.1
rubyonrails / rails2.0.2 – 2.0.2
rubyonrails / ruby_on_rails2.0.4
rubyonrails / ruby_on_rails0.5.0 – 0.5.0
rubyonrails / ruby_on_rails0.5.5 – 0.5.5
rubyonrails / ruby_on_rails0.5.6 – 0.5.6
rubyonrails / ruby_on_rails0.5.7 – 0.5.7
rubyonrails / ruby_on_rails0.6.0 – 0.6.0
rubyonrails / ruby_on_rails0.6.5 – 0.6.5
rubyonrails / ruby_on_rails0.7.0 – 0.7.0
rubyonrails / ruby_on_rails0.8.0 – 0.8.0
rubyonrails / ruby_on_rails0.8.5 – 0.8.5
rubyonrails / ruby_on_rails0.9.0 – 0.9.0

Description

Affected products

References