CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
Date published : 2007-10-19
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html