Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5,
1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers
to guess the session cookie, gain privileges, and execute arbitrary code via a timing
attack involving an HMAC comparison function that does not run in constant time.

CPENameOperatorVersion
rackle1.1.5
rackge1.2.0
rackle1.2.7
rackge1.3.0
rackle1.3.9
rackge1.4.0
rackle1.4.4
rackge1.5.0
racklt1.5.2

Name	Operator	Version
rack	le	1.1.5
rack	ge	1.2.0
rack	le	1.2.7
rack	ge	1.3.0
rack	le	1.3.9
rack	ge	1.4.0
rack	le	1.4.4
rack	ge	1.5.0
rack	lt	1.5.2

References

nvd.nist.gov/vuln/detail/CVE-2013-0263

ubuntucve 1

cve 1

prion 1

osv 2

debiancve 1

github 1

nessus 8

freebsd 1

debian 3

securityvulns 2

openvas 7

fedora 2

gentoo 1

veracode 7

redhat 2

ubuntucve

CVE-2013-0263

2013-02-08 00:00:00

cve

CVE-2013-0263

2013-02-08 20:55:00

prion

Code injection

2013-02-08 20:55:00

osv

Rack arbitrary code execution via timing attack

2022-05-05 02:48:42

librack-ruby - several

2013-10-21 00:00:00

debiancve

CVE-2013-0263

2013-02-08 20:55:00

github

Rack arbitrary code execution via timing attack

2022-05-05 02:48:42

nessus

Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)

2013-05-08 00:00:00

Fedora 17 : rubygem-rack-1.4.0-4.fc17 (2013-2315)

2013-05-08 00:00:00

FreeBSD : Ruby Rack Gem -- Multiple Issues (fcfdabb7-f14d-4e61-a7d5-cfefb4b99b15)

2013-02-18 00:00:00

freebsd

Ruby Rack Gem -- Multiple Issues

2013-02-08 00:00:00

debian

[SECURITY] [DSA 2783-1] librack-ruby security update

2013-10-21 19:20:25

[SECURITY] [DSA 2783-2] librack-ruby regression update

2013-10-24 19:29:38

[SECURITY] [DSA 2783-2] librack-ruby regression update

2013-10-24 19:29:38

securityvulns

Librack multiple security vulnerabilities

2013-10-28 00:00:00

[SECURITY] [DSA 2783-2] librack-ruby regression update

2013-10-28 00:00:00

openvas

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

2013-10-21 00:00:00

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

2013-10-21 00:00:00

Fedora Update for rubygem-rack FEDORA-2013-2306

2013-05-09 00:00:00

fedora

[SECURITY] Fedora 18 Update: rubygem-rack-1.4.0-5.fc18

2013-05-07 18:33:02

[SECURITY] Fedora 17 Update: rubygem-rack-1.4.0-4.fc17

2013-05-07 18:29:19

gentoo

Rack: Multiple vulnerabilities

2014-05-17 00:00:00

veracode

Arbitrary Code Execution

2019-05-02 04:44:25

Cross-site Request Forgery (CSRF)

2019-05-02 04:43:59

Improper Access Control

2019-05-02 04:44:00

redhat

(RHSA-2013:0638) Moderate: Red Hat OpenShift Enterprise 1.1.2 update

2013-03-12 00:00:00

(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update

2013-03-26 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for RUBY:RACK-2013-0263-89939