Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2009-3086 - Vulnerability Database
Ruby on Rails

Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2009-3086

Medium
Reference: CVE-2009-3086
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-3086
Title: Ruby on Rails Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2 and 2.3.x before 2.3.4 leaks information about the complexity of message-digest signature verification in the cookie store which might allow remote attackers to forge a digest via multiple attempts.