CVE-2019-16782 – Possible Information Leak / Session Hijack Vulnerability in Rack
https://notcve.org/view.php?id=CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.
References:
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
http://www.openwall.com/lists/oss-security/2019/12/18/2
http://www.openwall.com/lists/oss-security/2019/12/18/3
http://www.openwall.com/lists/oss-security/2019/12/19/3
http://www.openwall.com/lists/oss-security/2020/04/08/1
http://www.openwall.com/lists/oss-security/2020/04/09/2
https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
https://github.com/rack/rack/securit
Weaknesses: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-203: Observable Discrepancy; CWE-208: Observable Timing Discrepancy
CVE-2018-16471
https://notcve.org/view.php?id=CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
References:
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
https://groups.google.com/forum/#%21topic/rubyonrails-security/GKsAFT924Ag
https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html
https://usn.ubuntu.com/4089-1
Weaknesses: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16470 – rubygem-rack: Buffer size in multipart parser allows for denial of service
https://notcve.org/view.php?id=CVE-2018-16470
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
References:
https://access.redhat.com/errata/RHSA-2019:3172
https://groups.google.com/forum/#%21msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ
https://access.redhat.com/security/cve/CVE-2018-16470
https://bugzilla.redhat.com/show_bug.cgi?id=1646814
Weaknesses: CWE-400: Uncontrolled Resource Consumption
CVE-2015-3225 – rubygem-rack: Potential Denial of Service Vulnerability in Rack normalize_params()
https://notcve.org/view.php?id=CVE-2015-3225
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. A flaw was found in the way Rack processed parameters of incoming requests. An attacker could use this flaw to send a crafted request that would cause an application using Rack to crash.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html
http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html
http://openwall.com/lists/oss-security/2015/06/16/14
http://rhn.redhat.com/errata/RHSA-2015-2290.html
http://www.debian.org/security
Weaknesses: CWE-19: Data Processing Errors; CWE-400: Uncontrolled Resource Consumption
CVE-2012-6109 – rubygem-rack: parsing Content-Disposition header DoS
https://notcve.org/view.php?id=CVE-2012-6109
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
References:
http://rack.github.com
http://rhn.redhat.com/errata/RHSA-2013-0544.html
http://rhn.redhat.com/errata/RHSA-2013-0548.html
https://bugzilla.redhat.com/show_bug.cgi?id=895277
https://github.com/rack/rack/blob/master/README.rdoc
https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5
https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
https://access.redhat.com/security/cve/CVE-2012-6109
Weaknesses: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')