CVE-2013-0263

Description

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
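The weakness described above is the comparison step, not the HMAC itself: a plain string comparison returns as soon as it finds the first differing byte, so the time it takes to reject a forged cookie depends on how many leading bytes of the digest were correct. The following is an added example, not Rack's own code or its fix; the `payload--digest` cookie layout, the SHA1 digest and the secret are constructed assumptions for illustration. It places the vulnerable `==` verification beside a constant-time variant that walks every byte and accumulates differences with XOR, so its runtime no longer depends on where the two digests diverge.

```ruby
require "openssl"

# Constructed secret for the example; a real secret comes from configuration.
SECRET = "example-secret-not-for-production".freeze

# Hex HMAC-SHA1 over the serialized session payload.
# Digest choice is an assumption for this example, not a statement about Rack.
def sign(payload, secret = SECRET)
  OpenSSL::HMAC.hexdigest("SHA1", secret, payload)
end

# Build a signed cookie value "payload--digest" (layout is a constructed assumption).
def build_cookie(payload, secret = SECRET)
  "#{payload}--#{sign(payload, secret)}"
end

# Split "payload--digest" on the last separator so payloads containing "--" survive.
# Returns nil when no separator is present.
def split_cookie(cookie)
  payload, sep, digest = cookie.rpartition("--")
  return nil if sep.empty?
  [payload, digest]
end

# Vulnerable pattern: String#== stops at the first mismatching byte, so the
# time to reject a forged digest leaks how many leading bytes were correct.
def verify_naive(cookie, secret = SECRET)
  parts = split_cookie(cookie)
  return nil unless parts
  payload, digest = parts
  digest == sign(payload, secret) ? payload : nil
end

# Constant-time comparison: inspects every byte regardless of where the inputs
# differ and only reveals whether the lengths match, which for fixed-length hex
# digests is public information anyway.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hardened verification: same logic as verify_naive, constant-time compare.
def verify_constant_time(cookie, secret = SECRET)
  parts = split_cookie(cookie)
  return nil unless parts
  payload, digest = parts
  secure_compare(digest, sign(payload, secret)) ? payload : nil
end

# Flip the last hex character of a cookie to simulate a tampered digest (constructed).
def tamper(cookie)
  cookie[0..-2] + (cookie[-1] == "0" ? "1" : "0")
end

if __FILE__ == $PROGRAM_NAME
  cookie = build_cookie("user_id=42")
  puts "valid cookie   -> #{verify_constant_time(cookie).inspect}"
  puts "tampered cookie -> #{verify_constant_time(tamper(cookie)).inspect}"
end
```

Both functions accept and reject the same cookies; the only behavioural difference is that `verify_constant_time` gives a remote caller no timing signal to work with. Current Rack releases ship an equivalent helper as `Rack::Utils.secure_compare`; a code review of any handler that verifies HMACs, tokens or signatures with `==` is the practical check to make.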

Risk Information

Base Score: 8.6 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score (Exploitation Probability): 5.44

Associated Vulnerability

Vulnerability                                                                      OS Platform
Vulnerabilities CVE-2013-0263, CVE-2013-0262 are fixed in Ruby-rack 1.5.2           Windows
Vulnerabilities CVE-2013-0263, CVE-2013-0262 are fixed in Ruby-rack 1.4.5           Windows
Vulnerability CVE-2013-0263 is fixed in Ruby-rack 1.3.10                            Windows
Vulnerability CVE-2013-0263 is fixed in Ruby-rack 1.2.8                             Windows
Vulnerability CVE-2013-0263 is fixed in Ruby-rack 1.1.6                             Windows
Vulnerabilities CVE-2013-0263, CVE-2013-0262 are fixed in Ruby-rack for Linux 1.5.2 Linux
Vulnerabilities CVE-2013-0263, CVE-2013-0262 are fixed in Ruby-rack for Linux 1.4.5 Linux
Vulnerability CVE-2013-0263 is fixed in Ruby-rack for Linux 1.3.10                  Linux
Vulnerability CVE-2013-0263 is fixed in Ruby-rack for Linux 1.2.8                   Linux
Vulnerability CVE-2013-0263 is fixed in Ruby-rack for Linux 1.1.6                   Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2013-0263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0263