Date: Wed, 06 Jun 2012 11:29:35 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Kurt Seifried <kseifried@...hat.com>
CC: oss-security@...ts.openwall.com, Matthias Weckbecker <mweckbecker@...e.de>
Subject: Re: CVE request: rack-cache caches sensitive headers
 (Set-Cookie)

Thanks for your report, Matthias.

On 06/06/2012 11:09 AM, Matthias Weckbecker wrote:
> Hi Kurt, Steve, vendors,
>
> rack-cache caches sensitive response headers such as Set-Cookie. Attackers
> with access to the cache could possibly obtain other users' cookies to e.g.
> bypass authentication.
>
> More information (including patch) available at our bugzilla:
>    https://bugzilla.novell.com/show_bug.cgi?id=763650
>
> Kurt, could you possibly assign a CVE for this issue, please? Thank you in
> advance!

Kurt, once assigned please note it in our bug:
https://bugzilla.redhat.com/show_bug.cgi?id=824520

too.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

>
> Matthias
>
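
The behaviour reported above, reduced to a toy shared cache and shown with and without header filtering. This is an added example, not rack-cache code and not the patch from the bug report; `ToyCache`, `strip_sensitive` and the sample origin app are hypothetical names constructed for illustration.

```ruby
require 'set'

# Hypothetical minimal shared cache (not rack-cache's API).
class ToyCache
  # Headers carrying per-user state that must never enter a shared cache.
  SENSITIVE = Set['set-cookie'].freeze

  def initialize(strip_sensitive:)
    @strip_sensitive = strip_sensitive
    @store = {}
  end

  # app is any callable taking a request hash and returning [status, headers, body].
  def fetch(path, request, app)
    hit = @store[path]
    return hit if hit # stored entry is replayed verbatim to the next client

    status, headers, body = app.call(request)
    stored = if @strip_sensitive
               headers.reject { |name, _| SENSITIVE.include?(name.downcase) }
             else
               headers.dup
             end
    @store[path] = [status, stored, body]
    [status, headers, body] # the first client still gets the origin response
  end
end

# Constructed origin: a publicly cacheable page that also issues a session cookie.
ORIGIN = lambda do |req|
  [200,
   { 'Content-Type' => 'text/html',
     'Cache-Control' => 'public, max-age=60',
     'Set-Cookie' => "session=#{req[:user]}-token" },
   'front page']
end

# Headers seen by a second user after a first user has populated the cache.
def second_visitor_headers(strip_sensitive)
  cache = ToyCache.new(strip_sensitive: strip_sensitive)
  cache.fetch('/', { user: 'alice' }, ORIGIN) # miss: entry is stored
  _, headers, _ = cache.fetch('/', { user: 'bob' }, ORIGIN) # hit
  headers
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered: #{second_visitor_headers(false).inspect}"
  puts "filtered:   #{second_visitor_headers(true).inspect}"
end
```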
