CVE-2019-16782.yml
---
gem: rack
cve: 2019-16782
ghsa: hrqr-hxpp-chr3
url: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
date: 2019-12-18
title: Possible information leak / session hijack vulnerability
description: |
  There's a possible information leak / session hijack vulnerability in Rack.
  Attackers may be able to find and hijack sessions by using timing attacks
  targeting the session id. Session ids are usually stored and indexed in a
  database that uses some kind of scheme for speeding up lookups of that
  session id. By carefully measuring the amount of time it takes to look up
  a session, an attacker may be able to find a valid session id and hijack
  the session.

  The session id itself may be generated randomly, but the way the session is
  indexed by the backing store does not use a secure comparison.

  Impact:

  The session id stored in a cookie is the same id that is used when querying
  the backing session storage engine. Most storage mechanisms (for example a
  database) use some sort of indexing in order to speed up the lookup of that
  id. By carefully timing requests and session lookup failures, an attacker
  may be able to perform a timing attack to determine an existing session id
  and hijack that session.
cvss_v3: 6.3
patched_versions:
  - "~> 1.6.12"
  - ">= 2.0.8"
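The description above turns on one design point: the value in the cookie is also the key the backing store indexes on, so whatever timing the index leaks is about the very value an attacker would need to present. The following Ruby example, added here and not Rack's code or part of the advisory entry, shows that design next to the mitigation of indexing the store by a hash of the cookie id instead (the idea behind a separate public and private session id, which is the approach the patched Rack versions took). The `SessionStore`, the `RawIdSessions` and `HashedIdSessions` classes, the `2::` key prefix and the sample session data are all constructed for this illustration.

```ruby
require 'digest'
require 'securerandom'

# Constructed in-memory store standing in for a database or cache. Real
# backends index their keys, and lookup time can depend on how much of a
# key matches, which is the side channel the advisory describes.
class SessionStore
  def initialize
    @rows = {}
  end

  def write(key, data)
    @rows[key] = data
  end

  def read(key)
    @rows[key]
  end

  # What an observer of the backend (or of its timing) learns: stored keys.
  def keys
    @rows.keys
  end
end

# Vulnerable design: the cookie value is used directly as the storage key.
# A stored key recovered through the backend is immediately a valid cookie.
class RawIdSessions
  def initialize(store)
    @store = store
  end

  def create(data)
    sid = SecureRandom.hex(16) # random, but that is not the problem
    @store.write(sid, data)
    sid                        # this value goes into the cookie
  end

  def load(cookie_sid)
    @store.read(cookie_sid)
  end
end

# Hardened design: derive a private id from the public (cookie) id with a
# one-way hash and index the store by the private id only. A stored key
# recovered through the backend is the hash, which cannot be turned back
# into the cookie value, so it cannot be presented as a session.
class HashedIdSessions
  ID_VERSION = 2 # constructed prefix marking hashed keys in the store

  def initialize(store)
    @store = store
  end

  def self.private_id(public_id)
    "#{ID_VERSION}::#{Digest::SHA256.hexdigest(public_id)}"
  end

  def create(data)
    sid = SecureRandom.hex(16)
    @store.write(self.class.private_id(sid), data)
    sid # the cookie still carries the public id
  end

  def load(cookie_sid)
    @store.read(self.class.private_id(cookie_sid))
  end
end

# A legitimate client round trip works in both designs.
def roundtrip_ok?(sessions_class)
  sessions = sessions_class.new(SessionStore.new)
  sid = sessions.create({ 'user' => 'alice' })
  sessions.load(sid) == { 'user' => 'alice' }
end

# Whether a key as stored in the backend can be presented as the cookie.
# True for the raw-id design, false once the store is indexed by the hash.
def stored_key_usable_as_cookie?(sessions_class)
  store = SessionStore.new
  sessions = sessions_class.new(store)
  sessions.create({ 'user' => 'alice' })
  leaked_key = store.keys.first
  !sessions.load(leaked_key).nil?
end
```

The hashing does not make the backend's lookup constant-time; an indexed store will still take measurably different paths for near-matches. The point is that what the index exposes is the private id, and without the pre-image the public id in the cookie stays unknown. Existing sessions written under the raw scheme are not readable by the hashed scheme, which is why a store migration or a session reset accompanies this kind of change.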