exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2013-0263

Status Candidate

Overview

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

Related Files

Gentoo Linux Security Advisory 201405-10
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-10 - Multiple vulnerabilities have been found in Rack, the worst of which allow execution of arbitrary code. Versions less than 1.4.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6109, CVE-2013-0183, CVE-2013-0184, CVE-2013-0262, CVE-2013-0263
MD5 | c863f47fa113a7e46847f6c9dbe3f90c
Debian Security Advisory 2783-2
Posted Oct 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2011-5036, CVE-2013-0183, CVE-2013-0184, CVE-2013-0263
MD5 | 2e39aa1e4b03061af042975c9f494aab
Debian Security Advisory 2783-1
Posted Oct 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2783-1 - Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2011-5036, CVE-2013-0184, CVE-2013-0263
MD5 | ce9ddbd8e4a29924262b3801b98f701f
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
MD5 | 5e81cbe1b945aa35e5aa95323b877178
Red Hat Security Advisory 2013-0638-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0638-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-0262, CVE-2013-0263, CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330, CVE-2013-0331
MD5 | a9d4725b866277146af66da7ecfb1758
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close