RubySec

Providing security resources for the Ruby community

CVE-2012-2671 (rack-cache): rack-cache Rubygem Sensitive HTTP Header Caching Weakness

GEM

rack-cache

SEVERITY

CVSS v2.0: 7.5 (High)

PATCHED VERSIONS

  • >= 1.2

DESCRIPTION

Rack::Cache (rack-cache) contains a flaw in which the gem caches sensitive HTTP headers. This weakness may make it easier for an attacker to gain access to a user’s session via a specially crafted header.
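
A check for the patched range listed above, as an added example (not code from RubySec or rack-cache): it reads the text of a Gemfile.lock and reports whether the resolved rack-cache version is below `>= 1.2`. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Patched range taken from this advisory ("PATCHED VERSIONS: >= 1.2").
PATCHED = Gem::Requirement.new(">= 1.2")

# Constructed sample lockfile. "exampleapp-core" is a made-up gem name.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      exampleapp-core (0.1.0)
        rack-cache (>= 1.0)
      rack (1.4.1)
      rack-cache (1.1)
        rack (>= 0.4)

  DEPENDENCIES
    exampleapp-core
LOCK

# Return the resolved rack-cache versions found in Gemfile.lock text.
# Resolved gems sit at exactly four spaces of indent with one exact version.
# Six-space lines are dependency constraints declared by other gems, for
# example "rack-cache (>= 1.0)", and say nothing about what is installed.
def locked_rack_cache_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}rack-cache \((\d[\w.]*)\)\s*\z/)
    Gem::Version.new(m[1]) if m && Gem::Version.correct?(m[1])
  end
end

# Classify a lockfile as :absent, :patched or :vulnerable for CVE-2012-2671.
def rack_cache_status(lockfile_text)
  versions = locked_rack_cache_versions(lockfile_text)
  return :absent if versions.empty?

  versions.all? { |v| PATCHED.satisfied_by?(v) } ? :patched : :vulnerable
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path ? File.read(path) : SAMPLE_LOCK
  puts "rack-cache: #{rack_cache_status(text)}"
end
```

Run it with the path to a project's Gemfile.lock as the only argument; with no argument it evaluates the constructed sample.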