CVE-2009-2422
moderate-risk
Published 2009-07-10
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.
Do I need to act?
-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (5)
Affected Vendors
References (16)
Broken Link
http://secunia.com/advisories/35702
Third Party Advisory
http://support.apple.com/kb/HT4077
Broken Link
http://www.securityfocus.com/bid/35579
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
Broken Link
http://secunia.com/advisories/35702
Third Party Advisory
http://support.apple.com/kb/HT4077
Broken Link
http://www.securityfocus.com/bid/35579
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
12/34 · Low