CVE-2015-7519: Phusion Passenger Server allows to overwrite headers in some cases

thesp0nge / dawnscanner

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

MIT License

737 stars 86 forks source link

CVE-2015-7519: Phusion Passenger Server allows to overwrite headers in some cases #169

Closed thesp0nge closed 8 years ago

thesp0nge commented 8 years ago

+--- +gem: passenger +cve: 2015-7519 +url: https://blog.phusion.nl/2015/12/07/cve-2015-7519/ +title: Phusion Passenger Server allows to overwrite headers in some cases +date: 2015-11-23 +description: It was discovered by the SUSE security team that it was possible,

in some cases, for clients to overwrite headers set by the server,
resulting in a medium level security issue. +patched_versions:
- "~> 4.0.60"
- ">= 5.0.22"