
Bug 428706 (CVE-2012-2671)

Summary: <dev-ruby/rack-cache-1.2: Caches Sensitive Information (CVE-2012-2671)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: ruby
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2671
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2012-07-30 20:45:52 UTC
CVE-2012-2671 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2671):
  The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other
  sensitive headers, which allows attackers to obtain sensitive cookie
  information, hijack web sessions, or have other unspecified impact by
  accessing the cache.


Please punt vulnerable versions.
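
The failure mode in the CVE text above, shown as an added example that is not part of the bug report and is not Rack::Cache's own code: a toy shared cache that stores a publicly cacheable response with its Set-Cookie header intact, next to the same cache scrubbing per-client headers before storing. The names ToySharedCache, PRIVATE_HEADERS, BACKEND and cookies_seen are hypothetical, and the backend response is constructed sample data.

```ruby
# Added illustration: a toy shared HTTP cache, not Rack::Cache's code.
# ToySharedCache, PRIVATE_HEADERS and BACKEND are hypothetical names.
PRIVATE_HEADERS = %w[set-cookie].freeze # per-client headers (constructed list)

class ToySharedCache
  def initialize(app, strip_private:)
    @app = app
    @strip_private = strip_private
    @store = {}
  end

  # Rack-style interface: env hash in, [status, headers, body] out.
  def call(env)
    key = env["PATH_INFO"]
    if (hit = @store[key])
      return [hit[0], hit[1].dup, hit[2]] # served to whoever asks next
    end
    status, headers, body = @app.call(env)
    if cacheable?(headers)
      stored = @strip_private ? scrub(headers) : headers.dup
      @store[key] = [status, stored, body]
    end
    [status, headers, body] # the original client still gets its own cookie
  end

  private
  def cacheable?(headers)
    cc = headers.fetch("Cache-Control", "")
    cc.include?("public") && !cc.include?("no-store")
  end

  def scrub(headers)
    headers.reject { |name, _| PRIVATE_HEADERS.include?(name.downcase) }
  end
end

# Constructed backend: publicly cacheable page that also sets a session cookie.
sessions = 0
BACKEND = lambda do |_env|
  sessions += 1
  [200, { "Cache-Control" => "public, max-age=60",
          "Set-Cookie" => "session=user#{sessions}" }, ["hello"]]
end

# Returns the Set-Cookie value seen by the first and by the second client.
def cookies_seen(strip_private)
  cache = ToySharedCache.new(BACKEND, strip_private: strip_private)
  2.times.map { cache.call("PATH_INFO" => "/")[1]["Set-Cookie"] }
end
```

With `strip_private: false` both clients see the same session cookie; with `strip_private: true` the second client's cache hit carries no Set-Cookie at all.
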
Comment 1 Hans de Graaff gentoo-dev Security 2012-07-31 05:53:12 UTC
Vulnerable versions removed.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-07-31 11:07:20 UTC
Thanks, Hans.

Closing noglsa for ~arch only.