ByteOS Network

NVD Vulnerability Details :

CVE-2009-3086

Analyzed

Source-cve@mitre.org

Published At-08 Sep, 2009 | 18:30

Updated At-08 Aug, 2019 | 14:38

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html	cve@mitre.org	N/A
http://secunia.com/advisories/36600	cve@mitre.org	N/A
http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails	cve@mitre.org	Patch
http://www.debian.org/security/2011/dsa-2260	cve@mitre.org	N/A
http://www.securityfocus.com/bid/37427	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2009/2544	cve@mitre.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History