CVE-2013-0263 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-0263 Interim 1 28 2025-11-05T05:30:22Z current 2021-05-30T13:08:20Z 2025-11-05T05:30:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-0263 Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FLQ74D2IZAJC5KD6QXVUZAQ6O5LNAWZX/ E-Mail link for openSUSE-SU-2025:14811-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MOZFATD6SCQREBY3SZW5KQJPN6KN7A6D/ E-Mail link for openSUSE-SU-2025:14875-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed ruby2.1-rubygem-chef-10.32.2-3.1 ruby2.1-rubygem-chef-10.32.2-3.2 ruby2.1-rubygem-chef-expander-10.32.2-1.34 ruby2.1-rubygem-chef-server-10.32.2-1.1 ruby2.1-rubygem-chef-server-api-10.32.2-4.2 ruby2.1-rubygem-chef-solr-10.32.2-1.2 ruby2.1-rubygem-rack ruby2.1-rubygem-rack-1.6.4-2.3 ruby2.2-rubygem-rack-1_4-1.4.7-1.8 ruby2.2-rubygem-rack-1_6-1.6.5-1.1 ruby2.2-rubygem-rack-2.0.1-1.1 ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8 ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1 ruby2.2-rubygem-rack-doc-2.0.1-1.1 ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8 ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1 ruby2.2-rubygem-rack-testsuite-2.0.1-1.1 ruby2.3-rubygem-rack-1_4-1.4.7-1.8 ruby2.3-rubygem-rack-1_6-1.6.5-1.1 ruby2.3-rubygem-rack-2.0.1-1.1 ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8 ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1 ruby2.3-rubygem-rack-doc-2.0.1-1.1 ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8 ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1 ruby2.3-rubygem-rack-testsuite-2.0.1-1.1 ruby2.7-rubygem-rack-1_6-1.6.13-1.13 ruby2.7-rubygem-rack-2.0-2.0.9-1.10 ruby2.7-rubygem-rack-2.2.3-1.7 ruby3.0-rubygem-rack-1_6-1.6.13-1.13 ruby3.0-rubygem-rack-2.0-2.0.9-1.10 ruby3.0-rubygem-rack-2.2.3-1.7 ruby3.1-rubygem-rack-2.2-2.2.4-1.1 ruby3.1-rubygem-rack-2.2.3.1-1.1 ruby3.2-rubygem-rack-2.2-2.2.7-1.1 ruby3.2-rubygem-rack-3.0.7-1.2 ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 ruby3.3-rubygem-rack-3.0.9.1-1.1 ruby3.4-rubygem-rack-2.2-2.2.11-1.1 ruby3.4-rubygem-rack-3.1.12-1.1 rubygem-chef-10.32.2-3.1 rubygem-chef-10.32.2-3.2 rubygem-chef-expander-10.32.2-1.34 rubygem-chef-server-api-10.32.2-4.2 rubygem-chef-solr-10.32.2-1.2 rubygem-rack rubygem-rack-1_4-1.4.5-0.5.8 ruby2.1-rubygem-chef-10.32.2-3.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 rubygem-chef-10.32.2-3.1 as a component of SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 rubygem-rack-1_4-1.4.5-0.5.8 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 ruby2.1-rubygem-chef-10.32.2-3.2 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-expander-10.32.2-1.34 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-server-10.32.2-1.1 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-server-api-10.32.2-4.2 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-chef-solr-10.32.2-1.2 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-rack-1.6.4-2.3 as a component of SUSE OpenStack Cloud 6 rubygem-chef-10.32.2-3.2 as a component of SUSE OpenStack Cloud 6 rubygem-chef-expander-10.32.2-1.34 as a component of SUSE OpenStack Cloud 6 rubygem-chef-server-api-10.32.2-4.2 as a component of SUSE OpenStack Cloud 6 rubygem-chef-solr-10.32.2-1.2 as a component of SUSE OpenStack Cloud 6 ruby2.2-rubygem-rack-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-doc-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-testsuite-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-doc-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-testsuite-2.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8 as a component of openSUSE Tumbleweed ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1 as a component of openSUSE Tumbleweed ruby2.7-rubygem-rack-2.2.3-1.7 as a component of openSUSE Tumbleweed ruby2.7-rubygem-rack-1_6-1.6.13-1.13 as a component of openSUSE Tumbleweed ruby2.7-rubygem-rack-2.0-2.0.9-1.10 as a component of openSUSE Tumbleweed ruby3.0-rubygem-rack-2.2.3-1.7 as a component of openSUSE Tumbleweed ruby3.0-rubygem-rack-1_6-1.6.13-1.13 as a component of openSUSE Tumbleweed ruby3.0-rubygem-rack-2.0-2.0.9-1.10 as a component of openSUSE Tumbleweed ruby3.1-rubygem-rack-2.2.3.1-1.1 as a component of openSUSE Tumbleweed ruby3.1-rubygem-rack-2.2-2.2.4-1.1 as a component of openSUSE Tumbleweed ruby3.2-rubygem-rack-3.0.7-1.2 as a component of openSUSE Tumbleweed ruby3.2-rubygem-rack-2.2-2.2.7-1.1 as a component of openSUSE Tumbleweed ruby3.3-rubygem-rack-3.0.9.1-1.1 as a component of openSUSE Tumbleweed ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 as a component of openSUSE Tumbleweed ruby3.4-rubygem-rack-3.1.12-1.1 as a component of openSUSE Tumbleweed ruby3.4-rubygem-rack-2.2-2.2.11-1.1 as a component of openSUSE Tumbleweed ruby2.1-rubygem-rack as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-rack as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-rack as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-rack as a component of SUSE OpenStack Cloud Crowbar 9 Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. CVE-2013-0263 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:ruby2.1-rubygem-chef-10.32.2-3.1 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:rubygem-chef-10.32.2-3.1 SUSE Linux Enterprise Software Development Kit 11 SP4:rubygem-rack-1_4-1.4.5-0.5.8 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-10.32.2-3.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-expander-10.32.2-1.34 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-server-10.32.2-1.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-server-api-10.32.2-4.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-chef-solr-10.32.2-1.2 SUSE OpenStack Cloud 6:ruby2.1-rubygem-rack-1.6.4-2.3 SUSE OpenStack Cloud 6:rubygem-chef-10.32.2-3.2 SUSE OpenStack Cloud 6:rubygem-chef-expander-10.32.2-1.34 SUSE OpenStack Cloud 6:rubygem-chef-server-api-10.32.2-4.2 SUSE OpenStack Cloud 6:rubygem-chef-solr-10.32.2-1.2 openSUSE Tumbleweed:ruby2.2-rubygem-rack-2.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.2-rubygem-rack-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-2.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.2-rubygem-rack-doc-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-2.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.2-rubygem-rack-testsuite-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-2.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.3-rubygem-rack-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-2.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.3-rubygem-rack-doc-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-2.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_4-1.4.7-1.8 openSUSE Tumbleweed:ruby2.3-rubygem-rack-testsuite-1_6-1.6.5-1.1 openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.2.3-1.7 openSUSE Tumbleweed:ruby2.7-rubygem-rack-1_6-1.6.13-1.13 openSUSE Tumbleweed:ruby2.7-rubygem-rack-2.0-2.0.9-1.10 openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.2.3-1.7 openSUSE Tumbleweed:ruby3.0-rubygem-rack-1_6-1.6.13-1.13 openSUSE Tumbleweed:ruby3.0-rubygem-rack-2.0-2.0.9-1.10 openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2.3.1-1.1 openSUSE Tumbleweed:ruby3.1-rubygem-rack-2.2-2.2.4-1.1 openSUSE Tumbleweed:ruby3.2-rubygem-rack-3.0.7-1.2 openSUSE Tumbleweed:ruby3.2-rubygem-rack-2.2-2.2.7-1.1 openSUSE Tumbleweed:ruby3.3-rubygem-rack-3.0.9.1-1.1 openSUSE Tumbleweed:ruby3.3-rubygem-rack-2.2-2.2.8.1-1.1 openSUSE Tumbleweed:ruby3.4-rubygem-rack-3.1.12-1.1 openSUSE Tumbleweed:ruby3.4-rubygem-rack-2.2-2.2.11-1.1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rack SUSE OpenStack Cloud Crowbar 8:rubygem-rack SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rack SUSE OpenStack Cloud Crowbar 9:rubygem-rack moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P