Vulnerability-Lookup

CVE-2019-16782 (GCVE-0-2019-16782)

Vulnerability from cvelistv5 – Published: 2019-12-18 19:05 – Updated: 2024-08-05 01:24

Title

Possible Information Leak / Session Hijack Vulnerability in Rack

Summary

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-208 - Information Exposure Through Timing Discrepancy

Assigner

GitHub_M

References

URL

Tags

	https://github.com/rack/rack/security/advisories/…	x_refsource_CONFIRM
	https://github.com/rack/rack/commit/7fecaee81f599…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2019/12/18/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/12/18/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/12/19/3	mailing-listx_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2020/04/08/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2020/04/09/2	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	rack	rack	Affected: before 1.6.12 or 2.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
          },
          {
            "name": "[oss-security] 20191219 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
          },
          {
            "name": "[oss-security] 20191218 [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
          },
          {
            "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
          },
          {
            "name": "FEDORA-2020-57fc0d0156",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
          },
          {
            "name": "openSUSE-SU-2020:0214",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
          },
          {
            "name": "[oss-security] 20200409 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
          },
          {
            "name": "[oss-security] 20200408 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "before 1.6.12 or 2.0.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Information Exposure Through Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-09T14:06:01.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
        },
        {
          "name": "[oss-security] 20191219 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
        },
        {
          "name": "[oss-security] 20191218 [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
        },
        {
          "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
        },
        {
          "name": "FEDORA-2020-57fc0d0156",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
        },
        {
          "name": "openSUSE-SU-2020:0214",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
        },
        {
          "name": "[oss-security] 20200409 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
        },
        {
          "name": "[oss-security] 20200408 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
        }
      ],
      "source": {
        "advisory": "GHSA-hrqr-hxpp-chr3",
        "discovery": "UNKNOWN"
      },
      "title": "Possible Information Leak / Session Hijack Vulnerability in Rack",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2019-16782",
          "STATE": "PUBLIC",
          "TITLE": "Possible Information Leak / Session Hijack Vulnerability in Rack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rack",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 1.6.12 or 2.0.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rack"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-208 Information Exposure Through Timing Discrepancy"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",
              "refsource": "CONFIRM",
              "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
            },
            {
              "name": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38",
              "refsource": "CONFIRM",
              "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
            },
            {
              "name": "[oss-security] 20191219 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
            },
            {
              "name": "[oss-security] 20191218 [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
            },
            {
              "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
            },
            {
              "name": "FEDORA-2020-57fc0d0156",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
            },
            {
              "name": "openSUSE-SU-2020:0214",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
            },
            {
              "name": "[oss-security] 20200409 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
            },
            {
              "name": "[oss-security] 20200408 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hrqr-hxpp-chr3",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2019-16782",
    "datePublished": "2019-12-18T19:05:14.000Z",
    "dateReserved": "2019-09-24T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:24:48.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2019-16782

Vulnerability from gsd - Updated: 2019-12-18 00:00

Details

There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. Impact: The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

Aliases

CVE-2019-16782

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-16782",
    "description": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
    "id": "GSD-2019-16782",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-16782.html",
      "https://access.redhat.com/errata/RHSA-2021:1313",
      "https://access.redhat.com/errata/RHSA-2020:4366",
      "https://access.redhat.com/errata/RHSA-2020:2480",
      "https://advisories.mageia.org/CVE-2019-16782.html",
      "https://ubuntu.com/security/CVE-2019-16782"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "rack",
            "purl": "pkg:gem/rack"
          }
        }
      ],
      "aliases": [
        "CVE-2019-16782",
        "GHSA-hrqr-hxpp-chr3"
      ],
      "details": "There\u0027s a possible information leak / session hijack vulnerability in Rack.\n\nAttackers may be able to find and hijack sessions by using timing attacks\ntargeting the session id. Session ids are usually stored and indexed in a\ndatabase that uses some kind of scheme for speeding up lookups of that\nsession id. By carefully measuring the amount of time it takes to look up\na session, an attacker may be able to find a valid session id and hijack\nthe session.\n\nThe session id itself may be generated randomly, but the way the session is\nindexed by the backing store does not use a secure comparison.\n\nImpact:\n\nThe session id stored in a cookie is the same id that is used when querying\nthe backing session storage engine.  Most storage mechanisms (for example a\ndatabase) use some sort of indexing in order to speed up the lookup of that\nid.  By carefully timing requests and session lookup failures, an attacker\nmay be able to perform a timing attack to determine an existing session id\nand hijack that session.",
      "id": "GSD-2019-16782",
      "modified": "2019-12-18T00:00:00.000Z",
      "published": "2019-12-18T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 6.3,
          "type": "CVSS_V3"
        }
      ],
      "summary": "Possible information leak / session hijack vulnerability"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2019-16782",
        "STATE": "PUBLIC",
        "TITLE": "Possible Information Leak / Session Hijack Vulnerability in Rack"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "rack",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "before 1.6.12 or 2.0.8"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "rack"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-208 Information Exposure Through Timing Discrepancy"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",
            "refsource": "CONFIRM",
            "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
          },
          {
            "name": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38",
            "refsource": "CONFIRM",
            "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
          },
          {
            "name": "[oss-security] 20191219 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
          },
          {
            "name": "[oss-security] 20191218 [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
          },
          {
            "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
          },
          {
            "name": "FEDORA-2020-57fc0d0156",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
          },
          {
            "name": "openSUSE-SU-2020:0214",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
          },
          {
            "name": "[oss-security] 20200409 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
          },
          {
            "name": "[oss-security] 20200408 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-hrqr-hxpp-chr3",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2019-16782",
      "cvss_v3": 6.3,
      "date": "2019-12-18",
      "description": "There\u0027s a possible information leak / session hijack vulnerability in Rack.\n\nAttackers may be able to find and hijack sessions by using timing attacks\ntargeting the session id. Session ids are usually stored and indexed in a\ndatabase that uses some kind of scheme for speeding up lookups of that\nsession id. By carefully measuring the amount of time it takes to look up\na session, an attacker may be able to find a valid session id and hijack\nthe session.\n\nThe session id itself may be generated randomly, but the way the session is\nindexed by the backing store does not use a secure comparison.\n\nImpact:\n\nThe session id stored in a cookie is the same id that is used when querying\nthe backing session storage engine.  Most storage mechanisms (for example a\ndatabase) use some sort of indexing in order to speed up the lookup of that\nid.  By carefully timing requests and session lookup failures, an attacker\nmay be able to perform a timing attack to determine an existing session id\nand hijack that session.",
      "gem": "rack",
      "ghsa": "hrqr-hxpp-chr3",
      "patched_versions": [
        "~\u003e 1.6.12",
        "\u003e= 2.0.8"
      ],
      "title": "Possible information leak / session hijack vulnerability",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.6.12||\u003e1.6.12 \u003c2.0.8",
          "affected_versions": "All versions before 1.6.12, all versions after 1.6.12 before 2.0.8",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2019-12-28",
          "description": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.",
          "fixed_versions": [
            "1.6.12",
            "2.0.8"
          ],
          "identifier": "CVE-2019-16782",
          "identifiers": [
            "CVE-2019-16782",
            "GHSA-hrqr-hxpp-chr3"
          ],
          "not_impacted": "Version 1.6.12, all versions starting from 2.0.8",
          "package_slug": "gem/rack",
          "pubdate": "2019-12-18",
          "solution": "Upgrade to version 2.0.8 or above.",
          "title": "Information Exposure",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-16782",
            "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
          ],
          "uuid": "f3c4e135-0d7a-4ab9-a4ef-a331ef23c423"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.6.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.8",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2019-16782"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-203"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
            },
            {
              "name": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
            },
            {
              "name": "[oss-security] 20191218 [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
            },
            {
              "name": "[oss-security] 20191219 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
            },
            {
              "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
            },
            {
              "name": "FEDORA-2020-57fc0d0156",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
            },
            {
              "name": "openSUSE-SU-2020:0214",
              "refsource": "SUSE",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
            },
            {
              "name": "[oss-security] 20200409 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
            },
            {
              "name": "[oss-security] 20200408 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-11-02T18:04Z",
      "publishedDate": "2019-12-18T20:15Z"
    }
  }
}

FKIE_CVE-2019-16782

Vulnerability from fkie_nvd - Published: 2019-12-18 20:15 - Updated: 2025-02-13 15:37

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html	Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2019/12/18/2	Mailing List, Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2019/12/18/3	Mailing List, Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2019/12/19/3	Mailing List, Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2020/04/08/1	Mailing List, Patch, Third Party Advisory
security-advisories@github.com	http://www.openwall.com/lists/oss-security/2020/04/09/2	Mailing List, Third Party Advisory
security-advisories@github.com	https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3	Third Party Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/12/18/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/12/18/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2019/12/19/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/04/08/1	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/04/09/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/

Impacted products

Vendor	Product	Version
rack	rack	*
rack	rack	*
fedoraproject	fedora	31
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "D920538B-B12B-4CB6-B04C-4ED0122B1ACE",
              "versionEndExcluding": "1.6.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "75BDB863-165A-4446-855E-25243469A538",
              "versionEndExcluding": "2.0.8",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There\u0027s a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison."
    },
    {
      "lang": "es",
      "value": "Se presenta una posible vulnerabilidad de fuga de informaci\u00f3n y secuestro de sesi\u00f3n en Rack (rack RubyGem). Esta vulnerabilidad est\u00e1 parchada en las versiones 1.6.12 y 2.0.8. Los atacantes pueden ser capaces de encontrar y secuestrar sesiones utilizando ataques de sincronizaci\u00f3n dirigidos al id de sesi\u00f3n. Los id de sesi\u00f3n com\u00fanmente son almacenados e indexados a una base de datos que utiliza alg\u00fan tipo de esquema para acelerar las b\u00fasquedas de ese identificador de sesi\u00f3n. Al medir cuidadosamente la cantidad de tiempo que toma buscar una sesi\u00f3n, un atacante puede encontrar un id de sesi\u00f3n v\u00e1lida y secuestrar la sesi\u00f3n. El id de sesi\u00f3n en s\u00ed puede ser generado aleatoriamente, pero la forma en que es indexada la sesi\u00f3n por parte del almac\u00e9n de respaldo no utiliza una comparaci\u00f3n segura."
    }
  ],
  "id": "CVE-2019-16782",
  "lastModified": "2025-02-13T15:37:40.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T20:15:16.180",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-208"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HRQR-HXPP-CHR3

Vulnerability from github – Published: 2019-12-18 19:01 – Updated: 2025-02-13 18:33

Summary

Possible Information Leak / Session Hijack Vulnerability in Rack

Details

The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.

Impact

The session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.

Releases

The 1.6.12 and 2.0.8 releases are available at the normal locations.

Workarounds

There are no known workarounds.

Patches

To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

1-6-session-timing-attack.patch - Patch for 1.6 series
2-0-session-timing-attack.patch - Patch for 2.6 series

Credits

Thanks Will Leinweber for reporting this!

Severity ?

6.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-208"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-12-18T19:01:07Z",
    "nvd_published_at": "2019-12-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "There\u0027s a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren\u0027t able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!",
  "id": "GHSA-hrqr-hxpp-chr3",
  "modified": "2025-02-13T18:33:17Z",
  "published": "2019-12-18T19:01:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/18/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/08/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/09/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Possible Information Leak / Session Hijack Vulnerability in Rack"
}

CNVD-2020-22681

Vulnerability from cnvd - Published: 2020-04-13

Title

Ruby信息泄露漏洞

Description

Ruby是松本行弘软件开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby中存在安全漏洞。攻击者可通过对会话ID进行时序攻击利用该漏洞劫持会话。

Severity

低

Patch Name

Ruby信息泄露漏洞的补丁

Patch Description

Ruby是松本行弘软件开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby中存在安全漏洞。攻击者可通过对会话ID进行时序攻击利用该漏洞劫持会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Reference

http://www.openwall.com/lists/oss-security/2019/12/18/2

Impacted products

Name
Ruby Ruby

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16782",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-16782"
    }
  },
  "description": "Ruby\u662f\u677e\u672c\u884c\u5f18\u8f6f\u4ef6\u5f00\u53d1\u8005\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\n\nRuby\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5bf9\u4f1a\u8bddID\u8fdb\u884c\u65f6\u5e8f\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u4f1a\u8bdd\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22681",
  "openTime": "2020-04-13",
  "patchDescription": "Ruby\u662f\u677e\u672c\u884c\u5f18\u8f6f\u4ef6\u5f00\u53d1\u8005\u7684\u4e00\u79cd\u8de8\u5e73\u53f0\u3001\u9762\u5411\u5bf9\u8c61\u7684\u52a8\u6001\u7c7b\u578b\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nRuby\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5bf9\u4f1a\u8bddID\u8fdb\u884c\u65f6\u5e8f\u653b\u51fb\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ruby\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ruby Ruby"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2019/12/18/2",
  "serverity": "\u4f4e",
  "submitTime": "2019-12-27",
  "title": "Ruby\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-16782 (GCVE-0-2019-16782)

GSD-2019-16782

FKIE_CVE-2019-16782

GHSA-HRQR-HXPP-CHR3

Impact

Releases

Workarounds

Patches

Credits

CNVD-2020-22681

Tags

Sightings

Nomenclature