exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2019-25025

почти 5 лет назад

The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.

CVSS3: 5.3

EPSS: Низкий

CVE-2019-25025

около 6 лет назад

The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.

CVSS3: 5.3

EPSS: Низкий

CVE-2019-25025

почти 5 лет назад

The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.

CVSS3: 5.3

EPSS: Низкий

CVE-2019-25025

почти 5 лет назад

The activerecord-session_store (aka Active Record Session Store) compo ...

CVSS3: 5.3

EPSS: Низкий

GHSA-cvw2-xj8r-mjf7

почти 5 лет назад

Activerecord-session_store Vulnerable to Timing Attack

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-25025 The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.	CVSS3: 5.3	0% Низкий	почти 5 лет назад
CVE-2019-25025 The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.	CVSS3: 5.3	0% Низкий	около 6 лет назад
CVE-2019-25025 The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782.	CVSS3: 5.3	0% Низкий	почти 5 лет назад
CVE-2019-25025 The activerecord-session_store (aka Active Record Session Store) compo ...	CVSS3: 5.3	0% Низкий	почти 5 лет назад
GHSA-cvw2-xj8r-mjf7 Activerecord-session_store Vulnerable to Timing Attack	CVSS3: 5.3	0% Низкий	почти 5 лет назад

Уязвимостей на страницу