Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2012-2671
Vulnerability from gsd - Updated: 2012-06-06 00:00Details
Rack::Cache (rack-cache) contains a flaw related to the rubygem caching
sensitive HTTP headers. This will result in a weakness that may make it
easier for an attacker to gain access to a user's session via a specially
crafted header.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-2671",
"description": "The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.",
"id": "GSD-2012-2671",
"references": [
"https://www.suse.com/security/cve/CVE-2012-2671.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack-cache",
"purl": "pkg:gem/rack-cache"
}
}
],
"aliases": [
"CVE-2012-2671",
"OSVDB-83077"
],
"details": "Rack::Cache (rack-cache) contains a flaw related to the rubygem caching\nsensitive HTTP headers. This will result in a weakness that may make it\neasier for an attacker to gain access to a user\u0027s session via a specially\ncrafted header.\n",
"id": "GSD-2012-2671",
"modified": "2012-06-06T00:00:00.000Z",
"published": "2012-06-06T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V2"
}
],
"summary": "rack-cache Rubygem Sensitive HTTP Header Caching Weakness"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/06/06/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/4"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/06/06/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/8"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=763650",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=763650"
},
{
"name": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES",
"refsource": "MISC",
"url": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES"
},
{
"name": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90",
"refsource": "MISC",
"url": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90"
},
{
"name": "https://github.com/rtomayko/rack-cache/pull/52",
"refsource": "MISC",
"url": "https://github.com/rtomayko/rack-cache/pull/52"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=824520",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=824520"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-2671",
"cvss_v2": 7.5,
"date": "2012-06-06",
"description": "Rack::Cache (rack-cache) contains a flaw related to the rubygem caching\nsensitive HTTP headers. This will result in a weakness that may make it\neasier for an attacker to gain access to a user\u0027s session via a specially\ncrafted header.\n",
"gem": "rack-cache",
"osvdb": 83077,
"patched_versions": [
"\u003e= 1.2"
],
"title": "rack-cache Rubygem Sensitive HTTP Header Caching Weakness",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2671"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.3.0 \u003c1.2",
"affected_versions": "All versions starting from 0.3.0 before 1.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2013-08-28",
"description": "The package rack-cache caches potentially sensitive response headers (such as `Set-Cookie`). Attackers with access to the cache could possibly obtain other user\u0027s cookies to e.g. bypass authentication.",
"fixed_versions": [
"1.2"
],
"identifier": "CVE-2012-2671",
"identifiers": [
"CVE-2012-2671"
],
"package_slug": "gem/rack-cache",
"pubdate": "2012-06-16",
"solution": "Upgrade and patches available (see source)",
"title": "rack-cache: caches sensitive headers",
"urls": [
"https://bugzilla.novell.com/show_bug.cgi?id=763650"
],
"uuid": "1e5b6d66-dbcb-4803-bf22-1c42cc67d7ac"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:0.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rtomayko:rack-cach:0.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2671"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-8439",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=763650",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=763650"
},
{
"name": "[oss-security] 20120606 Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/8"
},
{
"name": "[oss-security] 20120606 CVE request: rack-cache caches sensitive headers (Set-Cookie)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=824520",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=824520"
},
{
"name": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90"
},
{
"name": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rtomayko/rack-cache/blob/master/CHANGES"
},
{
"name": "https://github.com/rtomayko/rack-cache/pull/52",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/rtomayko/rack-cache/pull/52"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-08-28T06:47Z",
"publishedDate": "2012-06-17T03:41Z"
}
}
}