CVE-2013-0263
PUBLISHED
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
Risk Scores
EPSS Score: 16.07% (94.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | ruby-rack | 0 |
Timeline
- Feb 8, 2013 CVE Published
- Aug 13, 2018 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Apr 2, 2023 EPSS Score
- May 15, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-0263 third-party-advisory
- http://www.openwall.com/lists/oss-security/2013/02/07 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-0263 third-party-advisory