#1
Old 07-02-2009, 02:52 PM
afonic
Registered User
Join Date: Feb 2006
Posts: 4
Ruby On Rails error on PCI test

I am running the HackerGuardian PCI Compliance test and I am getting the following security warning:

Code:
Security warning found on port/service "nbx-ser (2095/tcp)"

Plugin     "Ruby on Rails Session Fixation Vulnerability"
Category   "Web Servers"
Priority   "Medium Priority"

Synopsis :
The remote web server is affected by a session fixation vulnerability.

Description :
The web server on the remote host appears to be a version of Ruby on Rails that supports URL-based sessions. An unauthenticated remote attacker may be able to leverage this issue to obtain an authenticated session.

Note that Ruby on Rails version 1.2.4 was initially supposed to address this issue, but its session fixation logic only works for the first request, when CgiRequest is first instantiated.

See also:
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
http://www.nessus.org/u?2f5b72e6
http://dev.rubyonrails.org/ticket/10048
http://www.nessus.org/u?1eeea9de

Solution :
Upgrade to Ruby on Rails version 1.2.6 or later and make sure 'config.action_controller.session_options[:cookie_only]' is set to 'true' in the 'config/environment.rb' file.

Risk factor : Medium / CVSS Base Score : 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE : CVE-2007-5380, CVE-2007-6077
BID : 26096, 26598
Other references : OSVDB:39193, OSVDB:40718

If you think this vulnerability is a false positive, already patched or if compensating controls exist within your infrastructure please click here.
However, I cannot locate that file or find any information about how I could solve this issue. As a matter of fact, I cannot find instructions for removing Ruby from cPanel altogether.

Any ideas?

PS. I am using CentOS 5.3
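The finding above is about session ids taken from the URL: with `cookie_only` off, a Rails 1.x app accepts a `_session_id` query parameter, so an attacker who gets the victim to follow a link carrying a chosen id later holds the victim's authenticated session. The following is an added example, not code from the post or from Rails itself; it is a small model of that session-id selection, showing the URL-based behaviour beside the cookie-only behaviour, plus a probe in the spirit of the scanner check (send an unsolicited `_session_id`, see whether Set-Cookie echoes it). The `Request` struct, the `SessionHandler` class, the hex-id check, and all request data are constructed here for illustration; `_session_id` is the Rails 1.x default session key. Port 2095/tcp is cPanel's webmail HTTP port, which is where the scanner saw the Rails-style response.

```ruby
# Added example: a minimal model of Rails 1.x-era session-id selection,
# vulnerable (URL-based sessions allowed) vs. hardened (cookie_only).
# Not the Rails implementation; all names below are illustrative.
require 'securerandom'
require 'uri'
require 'cgi'

SESSION_KEY = '_session_id' # Rails 1.x default session key

# Stand-in for an HTTP request: a path with optional query string and a cookie jar.
Request = Struct.new(:path, :cookies) do
  # Query parameters as a flat name => value hash.
  def params
    query = URI.parse(path).query
    return {} unless query
    CGI.parse(query).transform_values(&:first)
  end
end

class SessionHandler
  attr_reader :store

  def initialize(cookie_only:)
    @cookie_only = cookie_only
    @store = {} # session id => session data (in-memory stand-in for a store)
  end

  # Choose the session id for a request. With cookie_only = false the id may be
  # taken from the query string, so the attacker who built the link picks the
  # victim's session id. With cookie_only = true only the cookie is consulted.
  def session_id_for(request)
    sid = request.cookies[SESSION_KEY]
    sid ||= request.params[SESSION_KEY] unless @cookie_only
    valid = sid && (sid =~ /\A[0-9a-f]{1,64}\z/)
    valid ? sid : SecureRandom.hex(16)
  end

  # Process a request, merging +data+ into its session.
  # Returns [session_id, set_cookie_header].
  def handle(request, data = {})
    sid = session_id_for(request)
    (@store[sid] ||= {}).merge!(data)
    [sid, "#{SESSION_KEY}=#{sid}; path=/"]
  end
end

# Probe in the spirit of the scanner: send an unsolicited _session_id and see
# whether the server echoes it back in Set-Cookie. true = URL-based sessions
# are accepted (the finding); false = cookie-only.
def accepts_url_session?(handler)
  probe = 'a1b2c3d4e5f60718'
  _, set_cookie = handler.handle(Request.new("/?#{SESSION_KEY}=#{probe}", {}))
  set_cookie.include?("#{SESSION_KEY}=#{probe}")
end

# Full fixation scenario: does the attacker end up holding the victim's
# authenticated session under the attacker-chosen id?
def fixation_succeeds?(handler, attacker_sid)
  # 1. Victim follows the attacker's link; no cookie yet.
  victim_link = Request.new("/login?#{SESSION_KEY}=#{attacker_sid}", {})
  _, set_cookie = handler.handle(victim_link)
  # 2. Victim's browser stores whatever cookie came back and the victim logs in.
  cookie = Hash[*set_cookie.split(';').first.split('=', 2)]
  handler.handle(Request.new('/login', cookie), user: 'victim', authenticated: true)
  # 3. Attacker presents the id he chose.
  (handler.store[attacker_sid] || {})[:authenticated] == true
end

if $PROGRAM_NAME == __FILE__
  attacker_sid = 'deadbeefdeadbeefdeadbeefdeadbeef'
  { false => 'cookie_only = false (URL-based sessions allowed)',
    true  => 'cookie_only = true  (the fix)' }.each do |cookie_only, label|
    h = SessionHandler.new(cookie_only: cookie_only)
    puts "#{label}: probe=#{accepts_url_session?(h)} fixation=#{fixation_succeeds?(h, attacker_sid)}"
  end
end
```

Against a live host the equivalent probe is a request to the flagged port with `?_session_id=<known value>` and a look at the returned Set-Cookie header; an echoed value means the cookie-only setting is not in effect, which is what the page's solution line (upgrade to 1.2.6 or later and set `config.action_controller.session_options[:cookie_only] = true`) is meant to close.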
