CVE-2012-2671

Publication date 17 June 2012

Last updated 24 July 2024

Ubuntu priority

The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ruby-rack-cache	12.04 LTS precise	Not in release
	11.10 oneiric	Not in release
	11.04 natty	Not in release
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://github.com/rtomayko/rack-cache/pull/52
https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90
https://github.com/rtomayko/rack-cache/blob/master/CHANGES
https://bugzilla.redhat.com/show_bug.cgi?id=824520
https://bugzilla.novell.com/show_bug.cgi?id=763650
http://www.openwall.com/lists/oss-security/2012/06/06/8
http://www.openwall.com/lists/oss-security/2012/06/06/4
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081812.html
https://www.cve.org/CVERecord?id=CVE-2012-2671