Lucene search

PRIOn knowledge basePRION:CVE-2009-3086

HistorySep 08, 2009 - 6:30 p.m.

Information disclosure

2009-09-0818:30:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.1%

JSON

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

CPENameOperatorVersion
railseq2.1.0
railseq2.1.1
railseq2.1.2
railseq2.2.0
railseq2.2.1
railseq2.2.2
railseq2.3.2
railseq2.3.3

Name	Operator	Version
rails	eq	2.1.0
rails	eq	2.1.1
rails	eq	2.1.2
rails	eq	2.2.0
rails	eq	2.2.1
rails	eq	2.2.2
rails	eq	2.3.2
rails	eq	2.3.3

References

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

secunia.com/advisories/36600

weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

www.debian.org/security/2011/dsa-2260

www.securityfocus.com/bid/37427

www.vupen.com/english/advisories/2009/2544

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.1%

JSON

Related for PRION:CVE-2009-3086