Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7134

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-7134
Last Modified 29 Apr 2014 02:13:53
Published 29 Apr 2014 10:38:46
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7134

Summary

Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.

Vulnerable Systems

Application

  • Phusion Juvia -


References

MISC - https://github.com/phusion/juvia/issues/55

MLIST - [oss-security] 20131217 Re: CVE request: Juvia secret token handling

MLIST - [oss-security] 20131216 CVE request: Juvia secret token handling


Last Updated: 27 May 2016 11:05:06