CVE-2015-7519.yml
---
gem: passenger
cve: 2015-7519
ghsa: fxwv-953p-7qpf
url: https://blog.phusion.nl/2015/12/07/cve-2015-7519/
title: Phusion Passenger Server allows to overwrite headers in some cases
date: 2015-11-23
description: |
  It is possible in some cases for clients to overwrite headers set by
  the server, resulting in a medium level security issue. Passenger 5 uses an SCGI-inspired
  format to pass headers to Ruby/Python applications, while Passenger 4 uses an SCGI-inspired
  format to pass headers to all applications. This implies a conversion to UPPER_CASE_WITH_UNDERSCORES
  whereby the difference between characters like '-' and '_' is lost.
cvss_v3: 3.7
patched_versions:
- "~> 4.0.60"
- ">= 5.0.22"