all things security
Showing 1 - 5 of 5 RSS Feed

CVE-2013-0263

Status Candidate

Overview

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

Related Files

Gentoo Linux Security Advisory 201405-10
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-10 - Multiple vulnerabilities have been found in Rack, the worst of which allow execution of arbitrary code. Versions less than 1.4.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6109, CVE-2013-0183, CVE-2013-0184, CVE-2013-0262, CVE-2013-0263
MD5 | c863f47fa113a7e46847f6c9dbe3f90c
Debian Security Advisory 2783-2
Posted Oct 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks rails applications like redmine (see Debian Bug #727187). Updated packages are available to address this problem.

tags | advisory, ruby
systems | linux, debian
advisories | CVE-2011-5036, CVE-2013-0183, CVE-2013-0184, CVE-2013-0263
MD5 | 2e39aa1e4b03061af042975c9f494aab
Debian Security Advisory 2783-1
Posted Oct 21, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2783-1 - Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2011-5036, CVE-2013-0184, CVE-2013-0263
MD5 | ce9ddbd8e4a29924262b3801b98f701f
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
MD5 | 5e81cbe1b945aa35e5aa95323b877178
Red Hat Security Advisory 2013-0638-01
Posted Mar 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0638-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. A flaw was found in the handling of paths provided to ruby193-rubygem-rack. A remote attacker could use this flaw to conduct a directory traversal attack by passing malformed requests. A timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-0262, CVE-2013-0263, CVE-2013-0327, CVE-2013-0328, CVE-2013-0329, CVE-2013-0330, CVE-2013-0331
MD5 | a9d4725b866277146af66da7ecfb1758
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close