Description

A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

Remediation

References

CVE-2009-3086

Related Vulnerabilities

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.7.0)

Drupal Other Vulnerability (CVE-2005-1871)

Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17569)

osTicket Integer Overflow or Wraparound Vulnerability (CVE-2018-7194)

WordPress Plugin Modern Events Calendar Lite Security Bypass (5.1.6)

Severity

Medium

Classification

CVE-2009-3086 CWE-200

Tags

Missing Update Known Vulnerabilities