CVE-2008-7248

UNKNOWNCVSS 0.0

0.0

Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

🔗 References (20)

secalert@redhathttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
secalert@redhathttp://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
secalert@redhathttp://secunia.com/advisories/36600
secalert@redhathttp://secunia.com/advisories/38915
secalert@redhathttp://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
secalert@redhathttp://www.openwall.com/lists/oss-security/2009/11/28/1
secalert@redhathttp://www.openwall.com/lists/oss-security/2009/12/02/2
secalert@redhathttp://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
secalert@redhathttp://www.vupen.com/english/advisories/2009/2544
af854a3a-2127-422b-91ae-364da2661108http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36600
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38915

Is Your Infrastructure Affected by CVE-2008-7248?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-7248

📅 Published

🔄 Last Modified

🔗 References (20)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-7248?