#VU23688 Information Exposure Through Timing Discrepancy in Rack - CVE-2019-16782

Cybersecurity Help s.r.o.

Published: 2019-12-19

Vulnerability identifier: #VU23688

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2019-16782

CWE-ID: CWE-208

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Rack
Web applications / Modules and components for CMS

Vendor: Rack

Description

The vulnerability allows a remote attacker to perform a hijack victim's session.

The vulnerability exists due to an indexing issue in Rack (RubyGem rack) when processing user sessions. A remote attacker can guess session identifier and hijack victim's session.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Rack: 1.2.0, 1.6 - 1.6.11, 2.0 - 2.0.7

External links
https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Watson Discovery

SUSE update for rubygem-actionpack-4_2

OpenSUSE Linux update for rubygem-rack

Session hijacking in RubyGems Rack

Session hijackign in Ruby on Rails