#690 Rails 2.1.0: mod_security reports a Response Splitting Attack - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
Combine keywords for powerful searching.
Use advanced searching »

#690 new

Rails 2.1.0: mod_security reports a Response Splitting Attack

Reported by Christian Nolte | July 24th, 2008 @ 09:45 AM | in 2.x

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

I use the apache proxy to forward traffic to mongrel. The apache has

mod_security enabled and since I made an update to Rails 2.1.0

mod_security blocks access with the following message:

[24/Jul/2008:16:13:36 +0200]

[myhost/sid#988eef8][rid#a29a550][/myapp/][1] Access denied with code

400 (phase 2). Pattern match "%0[ad]" at REQUEST_HEADERS:Cookie. [id

"950910"] [msg "HTTP Response Spli

tting Attack. Matched signature <%0a>"] [severity "ALERT"]

I don't know what exactly is causing this. I am using

restful_authentication.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.7 (GNU/Linux)

Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFIiJUVCNjA0nfhW7wRApu8AKDk9LU37uOpdogLGcnjJM+PG8r+qQCgl48P

VMDMiC0VZpXzAW5OOwyc+LE=

=NIF1

-----END PGP SIGNATURE-----

Comments and changes to this ticket

Please Login or create a free account to add a new comment.

You can update this ticket by sending an email to from your email client. (help)

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Source available from github

The Git repository resides at http://github.com/rails

Check out the current development trunk (Edge Rails) with:

git clone git://github.com/rails/rails.git

The latest development for the 1.2.x and 2.0.x releases are on the 1-2-stable and 2-0-stable branches.

Creating a bug report

When creating a bug report, be sure to include as much relevant information as possible. Post the code sample that causes the problem. Preferably, alter the unit tests and show through either changed or added tests how the expected behavior is not occuring.

Security vulnerabilities should be reported via an email to security@rubyonrails.org, do not use trac for reporting security vulnerabilities. All content in trac is publicly available as soon as it is posted.

Then don't get your hopes up. Unless you have a "Code Red, Mission Critical, The World is Coming to an End" kinda bug, you're creating this ticket in the hope that others with the same problem will be able to collaborate with you on solving it. Do not expect that the ticket automatically will see any activity or that others will jump to fix it. Creating a ticket like this is mostly to help yourself start on the path of fixing the problem and for others to sign on to with a "I'm having this problem too".

Shared Ticket Bins (Sort)

120Open Patches ↓↑ drag
0Open Doc Patches ↓↑ drag
0Open Bugs ↓↑ drag
4Stale Tickets ↓↑ drag
0Verified Patches ↓↑ drag

People watching this ticket

Christian Nolte

Ruby on Rails

Keyword searching

Rails 2.1.0: mod_security reports a Response Splitting Attack

Comments and changes to this ticket

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket