Lucene search

K
freebsdFreeBSD83A7A720-07D8-11E5-9A28-001E67150279
HistoryMar 24, 2015 - 12:00 a.m.

rest-client -- session fixation vulnerability

2015-03-2400:00:00
vuxml.freebsd.org
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

Andy Brody reports:

When Ruby rest-client processes an HTTP redirection response,
it blindly passes along the values from any Set-Cookie headers to the
redirection target, regardless of domain, path, or expiration.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-rest-client< 1.6.7_1UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

Related for 83A7A720-07D8-11E5-9A28-001E67150279