Lucene search

K

Veracode Vulnerability DatabaseVERACODE:22201

HistoryDec 19, 2019 - 5:35 a.m.

Information Disclosure

2019-12-1905:35:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

37

EPSS

0.002

Percentile

65.0%

rack is vulnerable to information disclosure. The vulnerability exists due to the insecure comparison of session IDs. A remote attacker is able to perform timing attacks by analyzing the response time of the server when performing the comparison of session IDs.

References

lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html

www.openwall.com/lists/oss-security/2019/12/18/2

www.openwall.com/lists/oss-security/2019/12/18/3

www.openwall.com/lists/oss-security/2019/12/19/3

www.openwall.com/lists/oss-security/2020/04/08/1

www.openwall.com/lists/oss-security/2020/04/09/2

github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38

github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

lists.fedoraproject.org/archives/list/[email protected]/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/

EPSS

0.002

Percentile

65.0%

Related for VERACODE:22201

prion2 ibm1 symantec1 nessus8 openvas4 ubuntucve2 osv12 redhat3 github2 cve2 fedora1 rubygems2 redhatcve1 debiancve2 freebsd1 nvd2 cvelist2 mageia1 suse1 gitlab1 veracode1 ubuntu1