Sha256: e322b2fe567f73df2306b1e910de092852def2b54cd7e2dff06af6bf39fe6dc3

Contents?: true

Size: 653 Bytes

Versions: 6

Compression:

Stored size: 653 Bytes

Contents

--- 
gem: rack
cve: 2013-0263
osvdb: 89939
url: http://osvdb.org/show/osvdb/89939
title: |
  Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution 
date: 2009-12-01

description: |
  Rack contains a flaw that is due to an error in the Rack::Session::Cookie
  function. Users of the Marshal session cookie encoding (the default) are
  subject to a timing attack that may lead an attacker to execute arbitrary
  code. This attack is more practical against 'cloud' users as intra-cloud
  latencies are sufficiently low to make the attack viable.

cvss_v2: 7.6
patched_versions: 
- ~> 1.1.6
- ~> 1.2.8
- ~> 1.3.10
- ~> 1.4.5
- ">= 1.5.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/rack/OSVDB-89939.yml