{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2013-0263", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=909071", "refsource" : "MISC", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=909071" }, { "name" : "https://gist.github.com/codahale/f9f3781f7b54985bee94", "refsource" : "MISC", "url" : "https://gist.github.com/codahale/f9f3781f7b54985bee94" }, { "name" : "https://twitter.com/coda/statuses/299732877745197056", "refsource" : "MISC", "url" : "https://twitter.com/coda/statuses/299732877745197056" }, { "name" : "http://rack.github.com/", "refsource" : "CONFIRM", "url" : "http://rack.github.com/" }, { "name" : "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07", "refsource" : "CONFIRM", "url" : "https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07" }, { "name" : "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11", "refsource" : "CONFIRM", "url" : "https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11" }, { "name" : "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J", "refsource" : "CONFIRM", "url" : "https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J" }, { "name" : "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ", "refsource" : "CONFIRM", "url" : "https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ" }, { "name" : "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ", "refsource" : "CONFIRM", "url" : "https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ" }, { "name" : "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ", "refsource" : "CONFIRM", "url" : "https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ" }, { "name" : "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ", "refsource" : "CONFIRM", "url" : "https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ" }, { "name" : "https://puppet.com/security/cve/cve-2013-0263", "refsource" : "CONFIRM", "url" : "https://puppet.com/security/cve/cve-2013-0263" }, { "name" : "DSA-2783", "refsource" : "DEBIAN", "url" : "http://www.debian.org/security/2013/dsa-2783" }, { "name" : "RHSA-2013:0686", "refsource" : "REDHAT", "url" : "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "name" : "openSUSE-SU-2013:0462", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "name" : "89939", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/89939" }, { "name" : "52033", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/52033" }, { "name" : "52134", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/52134" }, { "name" : "52774", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/52774" } ] } }