Vulnerability Details CVE-2012-2671
The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html
- http://www.openwall.com/lists/oss-security/2012/06/06/4
- http://www.openwall.com/lists/oss-security/2012/06/06/8
- https://bugzilla.novell.com/show_bug.cgi?id=763650
- https://bugzilla.redhat.com/show_bug.cgi?id=824520
- https://github.com/rtomayko/rack-cache/blob/master/CHANGES
- https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90
- https://github.com/rtomayko/rack-cache/pull/52
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html
- http://www.openwall.com/lists/oss-security/2012/06/06/4
- http://www.openwall.com/lists/oss-security/2012/06/06/8
- https://bugzilla.novell.com/show_bug.cgi?id=763650
- https://bugzilla.redhat.com/show_bug.cgi?id=824520
- https://github.com/rtomayko/rack-cache/blob/master/CHANGES
- https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90
- https://github.com/rtomayko/rack-cache/pull/52
Products affected by CVE-2012-2671
-
cpe:2.3:a:rtomayko:rack-cach:0.3.0
-
cpe:2.3:a:rtomayko:rack-cach:0.4
-
cpe:2.3:a:rtomayko:rack-cach:0.5
-
cpe:2.3:a:rtomayko:rack-cach:0.5.2
-
cpe:2.3:a:rtomayko:rack-cach:0.5.3
-
cpe:2.3:a:rtomayko:rack-cach:1.0
-
cpe:2.3:a:rtomayko:rack-cach:1.0.1
-
cpe:2.3:a:rtomayko:rack-cach:1.0.2
-
cpe:2.3:a:rtomayko:rack-cach:1.0.3
-
cpe:2.3:a:rtomayko:rack-cach:1.1