CVE-2018-1000119 - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerabil

CVE-2018-1000119

Summary

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.

References

Vulnerable Configurations

cpe:2.3:a:sinatrarb:rack-protection:*:*:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:*:*:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:sinatrarb:rack-protection:2.0.0:rc3:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-203

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

redhat via4

advisories

rhsa

id	RHSA-2018:1060

rpms

pcs-0:0.9.162-5.el7_5.1
pcs-debuginfo-0:0.9.162-5.el7_5.1
pcs-snmp-0:0.9.162-5.el7_5.1

refmap via4

confirm	https://github.com/sinatra/rack-protection/pull/98 https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb#commitcomment-27964109
debian	DSA-4247

Last major update

24-08-2020 - 17:37

Published

07-03-2018 - 14:29

Last modified

24-08-2020 - 17:37