James Tucker

2 exploits. Active since Feb 2013
CVE-2013-0262 WRITEUP
Rack < 1.5.2 - Path Traversal
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable; this is probably a remotely exploitable directory traversal vulnerability, aka "symlink path traversals."
CVE-2013-0263 WRITEUP
Rack < 1.5.2, < 1.4.5, < 1.3.10, < 1.2.8, < 1.1.6 - RCE
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.