5.1

CVE-2013-0263

EPSS 5.28%
Published 08.02.2013 20:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Rack Project ≫ Rack Version1.5.0

Rack Project ≫ Rack Version1.5.1

Rack Project ≫ Rack Version1.4.0

Rack Project ≫ Rack Version1.4.1

Rack Project ≫ Rack Version1.4.2

Rack Project ≫ Rack Version1.4.3

Rack Project ≫ Rack Version1.4.4

Rack Project ≫ Rack Version1.3.0

Rack Project ≫ Rack Version1.3.1

Rack Project ≫ Rack Version1.3.2

Rack Project ≫ Rack Version1.3.3

Rack Project ≫ Rack Version1.3.4

Rack Project ≫ Rack Version1.3.5

Rack Project ≫ Rack Version1.3.6

Rack Project ≫ Rack Version1.3.7

Rack Project ≫ Rack Version1.3.8

Rack Project ≫ Rack Version1.3.9

Rack Project ≫ Rack Version1.2.0

Rack Project ≫ Rack Version1.2.1

Rack Project ≫ Rack Version1.2.2

Rack Project ≫ Rack Version1.2.3

Rack Project ≫ Rack Version1.2.4

Rack Project ≫ Rack Version1.2.6

Rack Project ≫ Rack Version1.2.7

Rack Project ≫ Rack Version1.1.0

Rack Project ≫ Rack Version1.1.4

Rack Project ≫ Rack Version1.1.5

Rack Project ≫ Rack Version1.1.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.28%	0.896

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://www.debian.org/security/2013/dsa-2783

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

http://rack.github.com/

Vendor Advisory

http://secunia.com/advisories/52033

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=909071

https://groups.google.com/forum/#%21msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

https://groups.google.com/forum/#%21msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

http://rhn.redhat.com/errata/RHSA-2013-0686.html

http://secunia.com/advisories/52134

Vendor Advisory

http://secunia.com/advisories/52774

http://www.osvdb.org/89939

https://gist.github.com/codahale/f9f3781f7b54985bee94

https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07

https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11

https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J

https://groups.google.com/forum/#%21msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

https://groups.google.com/forum/#%21msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

https://puppet.com/security/cve/cve-2013-0263

https://twitter.com/coda/statuses/299732877745197056

https://nvd.nist.gov/vuln/detail/CVE-2013-0263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0263

EUVD