Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1000119

Опубликовано: 25 мая 2015
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

Отчет

This issue affects the versions of rubygem-rack-protection as shipped with Red Hat Satellite 6. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 1.3rubygem-rack-protectionWill not fix
Red Hat Enterprise Linux 6pcsWill not fix
Red Hat Enterprise Linux 8rubygem-rack-protectionNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 10 (Newton) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 11 (Ocata) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 12 (Pike) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 13 (Queens) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 8 (Liberty) Operational Toolsrubygem-rack-protectionWill not fix
Red Hat OpenStack Platform 9 (Mitaka) Operational Toolsrubygem-rack-protectionWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1534027rack-protection: Timing attack in authenticity_token.rb

EPSS

Процентиль: 62%
0.00427
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1000119

CVSS3: 5.9
ubuntu
больше 7 лет назад

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

nvd логотип

CVE-2018-1000119

CVSS3: 5.9
nvd
больше 7 лет назад

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

debian логотип

CVE-2018-1000119

CVSS3: 5.9
debian
больше 7 лет назад

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier conta ...

github логотип

GHSA-688c-3x49-6rqj

CVSS3: 5.9
github
больше 7 лет назад

rack-protection gem timing attack vulnerability when validating CSRF token

fstec логотип

BDU:2019-00439

CVSS3: 5.9
fstec
больше 7 лет назад

Уязвимость механизма защиты «rack-protection» фреймворка Sinatra для разработки веб-приложений на языке программирования Ruby, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 62%
0.00427
Низкий

3.7 Low

CVSS3

Уязвимость CVE-2018-1000119