[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: Ruby on Rails: CSRF circumvention
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2009-12-12 1:48:15
Message-ID: Pine.GSO.4.64.0912112047520.29993 () faron ! mitre ! org
[Download RAW message or body]
On Wed, 2 Dec 2009, Josh Bressers wrote:
> ----- "Alex Legler" <a3li@gentoo.org> wrote:
>>
>> http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
>> http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
>>
>
> Steve,
>
> Can you give this one a 2008 ID?
Use CVE-2008-7248, to be filled in later.
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic