James Tucker

4 exploits Active since Feb 2013
CVE-2012-6109 WRITEUP WRITEUP
Rack < 1.1.4, 1.2.x < 1.2.6, 1.3.x < 1.3.7, 1.4.x < 1.4.2 - Denial of Service via Crafted Content-Disposition Header
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
CVE-2013-0263 WRITEUP WRITEUP
Rack <1.5.2, <1.4.5, <1.3.10, <1.2.8, <1.1.6 - RCE
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
CVE-2013-0262 WRITEUP WRITEUP
Rack 1.4.x < 1.4.5 and 1.5.x < 1.5.2 - Path Traversal via PATH_INFO Environment Variable
rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."
CVE-2013-0263 WRITEUP WRITEUP
Rack <1.5.2, <1.4.5, <1.3.10, <1.2.8, <1.1.6 - RCE
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.