CVE-2015-1820

Published: 24 Mar 2015
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

Report

With the release of Satellite 6.9 available, this bug is being closed as wontfix as all parts of our Ruby stack are running under the SCL now with rest-client.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

Platform | Package | State | Recommendation | Release
OpenStack Foreman | ruby193-rubygem-rest-client | Will not fix | |
OpenStack Foreman | rubygem-rest-client | Will not fix | |
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-rest-client | Will not fix | |
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | rubygem-rest-client | Will not fix | |
Red Hat Enterprise MRG 2 | rubygem-rest-client | Will not fix | |
Red Hat OpenShift Enterprise 2 | ruby193-rubygem-rest-client | Will not fix | |
Red Hat OpenStack Platform 4 | ruby193-rubygem-rest-client | Will not fix | |
Red Hat OpenStack Platform 4 | rubygem-rest-client | Will not fix | |
Red Hat Satellite 6 | rubygem-rest-client | Will not fix | |
Red Hat Subscription Asset Manager | ruby193-rubygem-rest-client | Will not fix | |

Additional information

Status:

Moderate
Defect:
CWE-201
https://bugzilla.redhat.com/show_bug.cgi?id=1205291
rubygem-rest-client: session fixation vulnerability, Set-Cookie headers present in HTTP 30x redirection responses

EPSS

Percentile: 88%
0.03723
Low

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 8 years ago

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

CVSS3: 9.8
nvd
more than 8 years ago

REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

CVSS3: 9.8
debian
more than 8 years ago

REST client for Ruby (aka rest-client) before 1.8.0 allows remote atta ...

CVSS3: 9.8
github
more than 7 years ago

rest-client Gem Vulnerable to Session Fixation
