CVE-2012-2671

NameCVE-2012-2671
DescriptionThe Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby-rack-cache (PTS)buster1.2-4fixed
sid, trixie, bookworm, bullseye1.2-4.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby-rack-cachesource(unstable)1.2-1

Notes

https://github.com/rtomayko/rack-cache/blob/master/CHANGES
Search for package or bug name: Reporting problems