Vulnerability in Rack_project Rack
CVE-2013-0263
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a ti…
EPSS: 0.053 (91.6th percentile) — read the EPSS interpretation.
Affected products
- Rack_project Rack — versions 1.5.0, 1.5.1, 1.4.0
- N/a — versions n/a
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2013-0263?
- CVE-2013-0263 is a vulnerability in Rack_project Rack. Published 2013-02-08.
- Is CVE-2013-0263 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.