Contents

---
gem: rack
cve: 2013-0263
osvdb: 89939
url: http://osvdb.org/show/osvdb/89939
title: |
  Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
date: 2013-02-07

description: |
  Rack contains a flaw that is due to an error in the Rack::Session::Cookie
  function. Users of the Marshal session cookie encoding (the default), are
  subject to a timing attack that may lead an attacker to execute arbitrary
  code. This attack is more practical against 'cloud' users as intra-cloud
  latencies are sufficiently low to make the attack viable.

cvss_v2: 5.1
patched_versions:
  - ~> 1.1.6
  - ~> 1.2.8
  - ~> 1.3.10
  - ~> 1.4.5
  - ">= 1.5.2"

Version data entries

5 entries across 5 versions & 2 rubygems

Version	Path
bundler-budit-0.6.2	data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-budit-0.6.1	data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.6.1	data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.6.0	data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.5.0	data/ruby-advisory-db/gems/rack/OSVDB-89939.yml