Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-3086HistorySep 08, 2009 - 6:30 p.m.
CVE-2009-3086
2009-09-0818:30:00
Debian Security Bug Tracker
security-tracker.debian.org
16
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.3%
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | <ย 2.2.3-1 | rails_2.2.3-1_all.deb |
| Debian | 11 | all | rails | <ย 2.2.3-1 | rails_2.2.3-1_all.deb |
| Debian | 10 | all | rails | <ย 2.2.3-1 | rails_2.2.3-1_all.deb |
| Debian | 999 | all | rails | <ย 2.2.3-1 | rails_2.2.3-1_all.deb |
| Debian | 13 | all | rails | <ย 2.2.3-1 | rails_2.2.3-1_all.deb |
Related
osv
osv
actionpack and activesupport vulnerable to information leaks
2017-10-24 18:33:38
rails - several
2011-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2009-3086
2009-09-08 00:00:00
gitlab
gitlab
Exposure of Sensitive Information to an Unauthorized Actor
2017-10-24 00:00:00
Exposure of Sensitive Information to an Unauthorized Actor
2017-10-24 00:00:00
seebug
seebug
Ruby on RailsๆถๆฏDigest้ช่ฏ้ๅบๅฎๆถ้ด็ฎๆณๆผๆด
2009-12-29 00:00:00
prion
prion
Information disclosure
2009-09-08 18:30:00
veracode
veracode
Information Disclosure Through Timing Attack
2019-06-21 04:33:08
cve
cve
CVE-2009-3086
2009-09-08 18:30:00
github
github
actionpack and activesupport vulnerable to information leaks
2017-10-24 18:33:38
debian
debian
[SECURITY] [DSA 2259-1] rails security update
2011-06-14 18:57:49
nessus
nessus
openSUSE Security Update : rubygem-activesupport-2_1 (rubygem-activesupport-2_1-1321)
2009-10-22 00:00:00
Debian DSA-2260-1 : rails - several vulnerabilities
2011-06-15 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2260-1)
2023-03-08 00:00:00
Gentoo Security Advisory GLSA 200912-02 (rails)
2009-12-30 00:00:00
Gentoo Security Advisory GLSA 200912-02 (rails)
2009-12-30 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2009-12-20 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
77.3%
Related for DEBIANCVE:CVE-2009-3086