PT-2009-5414 · Ruby · Ruby On Rails

Published: 2009-09-08 · Updated: 2019-08-08 · CVE-2009-3086

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 2.1.0 through 2.2.2; Ruby on Rails versions 2.3.x before 2.3.4

Description: The issue is related to a certain algorithm that leaks information about the complexity of message-digest signature verification in the cookie store. This might allow remote attackers to forge a digest via multiple attempts.

Recommendations: For versions 2.1.0 through 2.2.2, update to version 2.2.3 or later. For versions 2.3.x before 2.3.4, update to version 2.3.4 or later.
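
The defence for a digest check that leaks how much of a guess matched, shown as an added example (not Rails' own code and not part of the original entry): an early-exit comparison beside a comparison that inspects every byte. The `payload--digest` cookie layout, HMAC-SHA256, the secret, and all function names are assumptions made for illustration.

```ruby
require "openssl"

# Constructed secret, for illustration only.
SECRET = "constructed-demo-secret-0123456789abcdef"

# Hex HMAC over the cookie payload (HMAC-SHA256 is this example's choice).
def sign(data, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
end

# Weak form: String#== may return at the first differing byte, so response
# time can depend on how many leading characters of a guessed digest match.
def verify_early_exit(data, digest, secret = SECRET)
  sign(data, secret) == digest
end

# Hardened form: always walk every byte and accumulate the differences, so the
# work done does not depend on where the first mismatch occurs.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

def verify_constant_time(data, digest, secret = SECRET)
  return false unless digest.is_a?(String)
  secure_compare(sign(data, secret), digest)
end

# Split an assumed "payload--digest" cookie and return the payload only when
# the digest verifies; malformed or tampered cookies yield nil.
def load_cookie(cookie, secret = SECRET)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  verify_constant_time(data, digest, secret) ? data : nil
end
```

Both verifiers return the same answers; the difference is only in how much the time taken reveals about a wrong digest, which is why upgrading to a fixed release is the recommendation above.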

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2009-3086
DSA-2260-1
GHSA-FG9W-G6M4-557J

Affected products

Ruby On Rails