← Back

CVE-2008-5189

nvd nist
Published: Nov 21, 2008Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

Affected (49)

Rubyonrails
2 products
Rails
Ruby On Rails
Configuration A
49 vulnerable
Vulnerable SoftwareAffected Versions
Rubyonrails
Rails
Version 0.10.0
Rails
Version 0.10.1
Rails
Version 0.11.0
Rails
Version 0.11.1
Rails
Version 0.12.0
Rails
Version 0.12.1
Rails
Version 0.13.0
Rails
Version 0.13.1
Rails
Version 0.14.1
Rails
Version 0.14.2
Rails
Version 0.14.3
Rails
Version 0.14.4
Rails
Version 0.9.1
Rails
Version 0.9.2
Rails
Version 0.9.3
Rails
Version 0.9.4.1
Rails
Version 0.9.4
Rails
Version 1.0.0
Rails
Version 1.1.0
Rails
Version 1.1.1
Rails
Version 1.1.2
Rails
Version 1.1.3
Rails
Version 1.1.4
Rails
Version 1.1.5
Rails
Version 1.1.6
Rails
Version 1.2.0
Rails
Version 1.2.1
Rails
Version 1.2.2
Rails
Version 1.2.3
Rails
Version 1.2.4
Rails
Version 1.2.5
Rails
Version 1.2.6
Rails
Version 1.9.5
Rails
Version 2.0.0
Rails
Version 2.0.0 rc1
Rails
Version 2.0.0 rc2
Rails
Version 2.0.1
Rails
Version 2.0.2
Rubyonrails
Ruby On Rails
Up to 2.0.4
Ruby On Rails
Version 0.5.0
Ruby On Rails
Version 0.5.5
Ruby On Rails
Version 0.5.6
Ruby On Rails
Version 0.5.7
Ruby On Rails
Version 0.6.0
Ruby On Rails
Version 0.6.5
Ruby On Rails
Version 0.7.0
Ruby On Rails
Version 0.8.0
Ruby On Rails
Version 0.8.5
Ruby On Rails
Version 0.9.0

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.