CVE-2013-0263

Severity

51%

Complexity

49%

Confidentiality

106%

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

First reported 12 years ago

2013-02-08 20:55:00

Last updated 6 years ago

2018-08-13 21:47:00

Affected Software

Rubyforge Rack 1.5.0

1.5.0

Rubyforge Rack 1.5.1

1.5.1

Rubyforge Rack 1.4.0

1.4.0

Rubyforge Rack 1.4.1

1.4.1

Rubyforge Rack 1.4.2

1.4.2

Rubyforge Rack 1.4.3

1.4.3

Rubyforge Rack 1.4.4

1.4.4

Rack Project Rack 1.3.0

1.3.0

Rack Project Rack 1.3.1

1.3.1

Rack Project Rack 1.3.2

1.3.2

Rack Project Rack 1.3.3

1.3.3

Rack Project Rack 1.3.4

1.3.4

Rack Project Rack 1.3.5

1.3.5

Rack Project Rack 1.3.6

1.3.6

Rack Project Rack 1.3.7

1.3.7

Rack Project Rack 1.3.8

1.3.8

Rack Project Rack 1.3.9

1.3.9

Rack Project Rack 1.2.0

1.2.0

Rack Project Rack 1.2.1

1.2.1

Rack Project Rack 1.2.2

1.2.2

Rack Project Rack 1.2.3

1.2.3

Rack Project Rack 1.2.4

1.2.4

Rack Project Rack 1.2.6

1.2.6

Rack Project Rack 1.2.7

1.2.7

Rack Project Rack 1.1.0

1.1.0

Rack Project Rack 1.1.4

1.1.4

Rack Project Rack 1.1.5

1.1.5

Rack Project Rack 1.1.6

1.1.6

References

openSUSE-SU-2013:0462

http://rack.github.com/

Vendor Advisory

RHSA-2013:0686

52033

Vendor Advisory

52134

Vendor Advisory

52774

DSA-2783

89939

https://bugzilla.redhat.com/show_bug.cgi?id=909071

https://gist.github.com/codahale/f9f3781f7b54985bee94

https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07

https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11

https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J

https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

https://puppet.com/security/cve/cve-2013-0263

https://twitter.com/coda/statuses/299732877745197056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.