Lucene search

MitreCVE-2013-7134

HistoryApr 29, 2014 - 2:38 p.m.

CVE-2013-7134

2014-04-2914:38:46

CWE-255

mitre

web.nvd.nist.gov

cve-2013-7134

juvia

secret key

vulnerability

remote attackers

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

81.2%

JSON

Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.

Affected configurations

Nvd

Node

phusionjuviaMatch-

VendorProductVersionCPE
phusionjuvia-cpe:2.3:a:phusion:juvia:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phusion	juvia	-	cpe:2.3:a:phusion:juvia:-:::::::*

References

www.openwall.com/lists/oss-security/2013/12/16/3

www.openwall.com/lists/oss-security/2013/12/18/1

github.com/phusion/juvia/issues/55

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

81.2%

JSON

Related for CVE-2013-7134