CVE-2011-3186
OSVDB-74616

Published almost 9 years ago
Category: Code Injection
Source: NIST NVD
Severity: Moderate

Vulnerability in rails

A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.
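As an added illustration (not Rails code and not the 2.3.13 patch), the sketch below shows the kind of check the description implies: a content type value is accepted only if it matches the media-type grammar, so CR and LF can never reach the header. The helper names `safe_content_type` and `header_lines`, the fallback type, and the sample values are assumptions constructed for this example.

```ruby
# Added illustration; not Rails code and not the 2.3.13 patch.
# safe_content_type and header_lines are hypothetical helper names.

# HTTP "token" characters: used for type, subtype and parameter names.
TOKEN = /[!\#$%&'*+\-.^_`|~0-9A-Za-z]+/
# A quoted parameter value with no control characters (so no CR or LF).
QUOTED = /"(?:[^"\\\x00-\x1f\x7f]|\\[\x20-\x7e])*"/
# \A and \z anchor the whole string. Ruby's ^ and $ match at every line
# boundary, so using them here would accept a value with an embedded newline.
MEDIA_TYPE = %r{\A#{TOKEN}/#{TOKEN}(?:[ \t]*;[ \t]*#{TOKEN}=(?:#{TOKEN}|#{QUOTED}))*\z}

# Return the value if it is a well-formed media type, else a fixed fallback.
def safe_content_type(value, fallback = "application/octet-stream")
  return fallback unless value.is_a?(String) && value.valid_encoding?
  MEDIA_TYPE.match?(value) ? value : fallback
end

# Serialize one header the way a naive writer would, then report the
# header lines a recipient would actually parse out of it.
def header_lines(name, value)
  "#{name}: #{value}\r\n".split("\r\n")
end

if __FILE__ == $0
  # Constructed sample values, including one carrying a CRLF pair.
  samples = [
    "text/html; charset=utf-8",
    "text/html\r\nX-Constructed: 1",
  ]
  samples.each do |v|
    unchecked = header_lines("Content-Type", v)
    checked   = header_lines("Content-Type", safe_content_type(v))
    puts "#{v.inspect}: unchecked=#{unchecked.length} line(s), checked=#{checked.length} line(s)"
  end
end
```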

CVSS Metrics

Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None

Patched Versions

>= 2.3.13

Unaffected Versions

n/a