Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
13 Feb 2023, 04:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2013-02-08 20:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-0263
Mitre link : CVE-2013-0263
CVE.ORG link : CVE-2013-0263
JSON object : View
Products Affected
rack_project
- rack
CWE