CVE-2013-0263
Description
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
References
Vendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:H/Au:N/C:P/I:P/A:P |
AccessVector | NETWORK |
AccessComplexity | HIGH |
Authentication | NONE |
ConfidentialityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
BaseScore | 5.1 |