Description

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

Remediation

References

CVE-2011-3186

Related Vulnerabilities

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

Oracle Database Server Other Vulnerability (CVE-2007-3857)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0346)

WordPress Plugin Easy Forms for MailChimp Cross-Site Scripting (6.1.2)

WordPress Plugin Dokan-Best WooCommerce Multivendor Marketplace Solution-Build Your Own Amazon, eBay, Etsy Cross-Site Request Forgery (3.2.0)

Severity

Medium

Classification

CVE-2011-3186 CWE-94

Tags

Missing Update Known Vulnerabilities