ubuntu-cve-2019-16782
Vulnerability from osv_ubuntu
Published
2019-12-18 20:15
Modified
2025-07-16 04:54
Summary
Details

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.


{
  "affected": [
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "librack-ruby",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm3"
          },
          {
            "binary_name": "librack-ruby1.8",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm3"
          },
          {
            "binary_name": "librack-ruby1.9.1",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm3"
          },
          {
            "binary_name": "ruby-rack",
            "binary_version": "1.5.2-3+deb8u3ubuntu1~esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "ruby-rack",
        "purl": "pkg:deb/ubuntu/ruby-rack@1.5.2-3+deb8u3ubuntu1~esm3?arch=source\u0026distro=trusty/esm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.2-3+deb8u3ubuntu1~esm3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.2-1",
        "1.5.2-1ubuntu0.1~esm1",
        "1.5.2-3+deb8u3ubuntu1~esm2"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ruby-rack",
            "binary_version": "1.6.4-3ubuntu0.2+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:16.04:LTS",
        "name": "ruby-rack",
        "purl": "pkg:deb/ubuntu/ruby-rack@1.6.4-3ubuntu0.2+esm1?arch=source\u0026distro=esm-apps/xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.4-3ubuntu0.2+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.5.2-4",
        "1.6.4-2",
        "1.6.4-3",
        "1.6.4-3ubuntu0.1",
        "1.6.4-3ubuntu0.2"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ruby-rack",
            "binary_version": "1.6.4-4ubuntu0.2+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "ruby-rack",
        "purl": "pkg:deb/ubuntu/ruby-rack@1.6.4-4ubuntu0.2+esm1?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.4-4ubuntu0.2+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.6.4-4",
        "1.6.4-4ubuntu0.1",
        "1.6.4-4ubuntu0.2"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "ruby-rack",
            "binary_version": "2.0.7-2ubuntu0.1+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "ruby-rack",
        "purl": "pkg:deb/ubuntu/ruby-rack@2.0.7-2ubuntu0.1+esm1?arch=source\u0026distro=esm-apps/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.7-2ubuntu0.1+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.6-3",
        "2.0.7-2",
        "2.0.7-2ubuntu0.1"
      ]
    }
  ],
  "aliases": [],
  "details": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
  "id": "UBUNTU-CVE-2019-16782",
  "modified": "2025-07-16T04:54:57Z",
  "published": "2019-12-18T20:15:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-16782"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
    },
    {
      "type": "REPORT",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
    },
    {
      "type": "REPORT",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
    },
    {
      "type": "REPORT",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
    },
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-5253-1"
    },
    {
      "type": "REPORT",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16782"
    }
  ],
  "related": [
    "USN-5253-1"
  ],
  "schema_version": "1.7.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "medium",
      "type": "Ubuntu"
    }
  ],
  "upstream": [
    "CVE-2019-16782"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…