Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0263

Опубликовано: 08 фев. 2013
Источник: nvd
CVSS2: 5.1
EPSS Низкий

Описание

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rack_project:rack:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.5.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:rack_project:rack:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.4.4:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:rack_project:rack:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.3.9:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:rack_project:rack:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.2.7:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:rack_project:rack:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rack_project:rack:1.1.6:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05283
Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2013-0263

ubuntu
почти 13 лет назад

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

redhat логотип

CVE-2013-0263

redhat
почти 13 лет назад

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

debian логотип

CVE-2013-0263

debian
почти 13 лет назад

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...

github логотип

GHSA-xc85-32mf-xpv8

github
почти 4 года назад

Rack arbitrary code execution via timing attack

EPSS

Процентиль: 90%
0.05283
Низкий

5.1 Medium

CVSS2

Дефекты

NVD-CWE-noinfo