Description
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
Remediation
References