oss-sec mailing list archives
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 06 Jun 2012 11:29:35 +0200
Thanks for your report, Matthias.

On 06/06/2012 11:09 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors,
>
> rack-cache caches sensitive response headers such as Set-Cookie. Attackers with access to the cache could possibly obtain other users' cookies to e.g. bypass authentication.
>
> More information (including patch) available at our bugzilla:
> https://bugzilla.novell.com/show_bug.cgi?id=763650
>
> Kurt, could you possibly assign a CVE for this issue, please?
>
> Thank you in advance!

Kurt, once assigned please note it in our bug: https://bugzilla.redhat.com/show_bug.cgi?id=824520 too.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Matthias
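The issue reported in this message, as an added example that is not part of the original thread and is not rack-cache's code or its patch: a minimal Rack-style shared cache that either stores response headers wholesale or strips per-client headers before storing. `TinyCache`, `make_backend` and `second_client_cookie` are hypothetical names, and the backend and its cookies are constructed sample data.

```ruby
# Minimal Rack-style caching middleware (hypothetical, not rack-cache itself).
class TinyCache
  # Per-client headers that must never be kept in a shared cache entry.
  SENSITIVE = %w[set-cookie].freeze

  attr_reader :store

  def initialize(app, strip_sensitive:)
    @app = app
    @strip_sensitive = strip_sensitive
    @store = {} # cache key (request path) => [status, headers, body]
  end

  def call(env)
    key = env["PATH_INFO"]
    if (hit = @store[key])
      status, headers, body = hit
      return [status, headers.merge("X-Cache" => "hit"), body]
    end
    status, headers, body = @app.call(env)
    if cacheable?(status, headers)
      kept = headers
      kept = headers.reject { |k, _| SENSITIVE.include?(k.downcase) } if @strip_sensitive
      @store[key] = [status, kept.dup, body]
    end
    # The client that triggered the miss still receives its own cookie.
    [status, headers.merge("X-Cache" => "miss"), body]
  end

  private

  def cacheable?(status, headers)
    status == 200 && headers.fetch("Cache-Control", "").include?("public")
  end
end

# Constructed backend: issues a fresh session cookie on every response.
def make_backend
  n = 0
  lambda do |_env|
    n += 1
    [200, { "Cache-Control" => "public, max-age=60", "Set-Cookie" => "session=user#{n}" }, ["page"]]
  end
end

# Set-Cookie value seen by a second client that is served from the cache.
def second_client_cookie(strip_sensitive)
  cache = TinyCache.new(make_backend, strip_sensitive: strip_sensitive)
  cache.call("PATH_INFO" => "/") # client A populates the cache
  _status, headers, _body = cache.call("PATH_INFO" => "/") # client B gets the cached entry
  headers["Set-Cookie"]
end
```

With `strip_sensitive: false` the second client is handed the first client's session cookie from the cache; with `strip_sensitive: true` the cached entry carries no `Set-Cookie` at all.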