class Dawn::Kb::CVE_2015_7576

Automatically created with rake on 2016-01-28

Public Class Methods

new()

include RubyVersionCheck

Calls superclass method Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2015_7576.rb, line 10
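                      # Builds the knowledge-base entry for CVE-2015-7576, a timing side channel
                      # in Action Controller's HTTP basic authentication comparison.
                      #
                      # The entry is registered as a DEPENDENCY_CHECK and lists the patched
                      # actionpack releases in +safe_dependencies+, so it reports on the
                      # dependency version only.
                      # NOTE(review): whether the application actually enables basic
                      # authentication is not examined anywhere in this method.
                      def initialize
                        # The original passed `:title => title` without ever assigning `title`,
                        # so the entry had no usable headline (the bare name resolved to a method
                        # call on the not-yet-initialised object). The text below is a summary
                        # of the message, not an upstream advisory title.
                        title = "Timing attack in Action Controller basic authentication"
                        message = "There is a timing attack vulnerability in the basic authentication support in Action Controller. Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password."

                        super({
                          :title        => title,
                          :name         => "CVE-2015-7576",
                          :cve          => "2015-7576",
                          # TODO(review): osvdb, cvss and cwe are blank in this generated entry;
                          # fill them in from the published advisory so reports can be ranked by severity.
                          :osvdb        => "",
                          :cvss         => "",
                          :release_date => Date.new(2016, 1, 26),
                          :cwe          => "",
                          :owasp        => "A9",
                          :applies      => ["rails", "sinatra", "padrino"],
                          :kind         => Dawn::KnowledgeBase::DEPENDENCY_CHECK,
                          :message      => message,
                          :mitigation   => "Please upgrade actionpack gem to version 3.2.22.1, 4.1.14.1, 4.2.5.1, 5.0.0.beta1.1 or later.",
                          :aux_links    => ["http://securitytracker.com/id/1034816"]
                        })

                        # NOTE(review): presumably these flags make the dependency check accept
                        # newer minor/major release lines than the ones listed below; confirm
                        # against DependencyCheck before relying on that.
                        self.save_minor = true
                        self.save_major = true

                        # First fixed actionpack release on each maintained branch; keep this
                        # list in step with the versions named in :mitigation.
                        self.safe_dependencies = [
                          { :name => "actionpack", :version => ['3.2.22.1', '4.1.14.1', '4.2.5.1', '5.0.0.beta1.1'] }
                        ]
                      end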