Description: A security issue has been reported in Ruby on Rails, which can potentially be exploited by malicious people to conduct session fixation attacks.
The security issue is caused by lib/action_controller/cgi_process.rb removing the ":cookie_only" attribute from "DEFAULT_SESSION_OPTIONS". This can be exploited to conduct session fixation attacks against applications using the affected component.
The security issue is reported in versions prior to 1.2.6.
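The effect of the missing ":cookie_only" attribute can be shown with a simplified model of session-ID resolution. This is an added example, not code from Rails or from the advisory; the function names, the `_session_id` key, the option hashes and the sample ID are assumptions constructed for illustration.

```ruby
require 'securerandom'
require 'uri'

# Simplified model only: these names are hypothetical and are not Rails internals.
SESSION_KEY = '_session_id'

# Constructed option sets: one keeps :cookie_only, one has it removed.
WITH_COOKIE_ONLY    = { session_key: SESSION_KEY, cookie_only: true }.freeze
WITHOUT_COOKIE_ONLY = { session_key: SESSION_KEY }.freeze

# Decide which session ID a request is bound to.
# cookies:      Hash of cookie name => value
# query_string: raw query string of the request URL
# Returns [session_id, source] where source is :cookie, :query or :new.
def resolve_session_id(options, cookies:, query_string:)
  key = options.fetch(:session_key)

  from_cookie = cookies[key]
  return [from_cookie, :cookie] if from_cookie && !from_cookie.empty?

  # Without :cookie_only the ID may also arrive as a request parameter,
  # so whoever built the URL chooses the session the browser ends up in.
  unless options[:cookie_only]
    params = URI.decode_www_form(query_string.to_s).to_h
    from_query = params[key]
    return [from_query, :query] if from_query && !from_query.empty?
  end

  # No acceptable ID was presented: issue a fresh, unpredictable one.
  [SecureRandom.hex(16), :new]
end

# Regression check: does a request carrying an ID only in the URL get that ID?
def accepts_url_supplied_id?(options)
  supplied = 'constructed-id-0001' # constructed sample value
  id, source = resolve_session_id(options,
                                  cookies: {},
                                  query_string: "#{SESSION_KEY}=#{supplied}")
  source == :query && id == supplied
end

if __FILE__ == $PROGRAM_NAME
  puts "without :cookie_only -> #{accepts_url_supplied_id?(WITHOUT_COOKIE_ONLY)}"
  puts "with :cookie_only    -> #{accepts_url_supplied_id?(WITH_COOKIE_ONLY)}"
end
```

A check of this shape, run against an application's real session configuration, confirms that a session ID presented only in the URL is discarded and replaced with a newly generated one.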
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.