CVE Vulnerabilities

CVE-2015-7576

Published: Feb 16, 2016 | Modified: Aug 08, 2019
CVSS 3.x: 3.7 LOW
Source: NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x: 4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences.
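
The difference between an early-exit comparison and a constant-time one, shown as an added Ruby example (not the Rails source or its patch). The method names and credentials are constructed, and the returned byte counter stands in for elapsed time:

```ruby
require "digest"

# Constructed credentials for illustration only.
EXPECTED_USER = "admin"
EXPECTED_PASS = "s3cret-pass"

# Early-exit comparison: stops at the first mismatching byte, so the work done
# (returned as bytes_examined, a stand-in for time) depends on the secret.
def early_exit_compare(given, expected)
  return [false, 0] unless given.bytesize == expected.bytesize
  examined = 0
  given.bytes.zip(expected.bytes) do |a, b|
    examined += 1
    return [false, examined] unless a == b
  end
  [true, examined]
end

# Constant-time comparison: hash both inputs to 32 bytes, then OR together the
# XOR of every byte pair with no early return.
def constant_time_compare(given, expected)
  a = Digest::SHA256.digest(given).bytes
  b = Digest::SHA256.digest(expected).bytes
  diff = 0
  examined = 0
  a.each_index do |i|
    diff |= a[i] ^ b[i]
    examined += 1
  end
  # The plain == runs only when the digests already match, so it leaks nothing.
  [diff.zero? && given == expected, examined]
end

# Non-short-circuit `&` so the password is compared even when the name is wrong.
def basic_auth_ok?(user, pass)
  constant_time_compare(user, EXPECTED_USER)[0] &
    constant_time_compare(pass, EXPECTED_PASS)[0]
end

if __FILE__ == $PROGRAM_NAME
  %w[x3cret-pass s3cret-pasX s3cret-pass].each do |guess|
    puts format("%-12s early=%p constant=%p", guess,
                early_exit_compare(guess, EXPECTED_PASS),
                constant_time_compare(guess, EXPECTED_PASS))
  end
end
```

The early-exit count grows with the length of the matching prefix, while the constant-time count is always 32 regardless of input.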

Affected Software

Name Vendor Start Version End Version
Ruby_on_rails Rubyonrails 4.0.13 4.0.13
Ruby_on_rails Rubyonrails 4.0.12 4.0.12
Ruby_on_rails Rubyonrails 4.0.10 4.0.10
Ruby_on_rails Rubyonrails 4.0.11.1 4.0.11.1
Ruby_on_rails Rubyonrails 4.0.11 4.0.11
Ruby_on_rails Rubyonrails 4.1.11 4.1.11
Ruby_on_rails Rubyonrails * 3.2.22
Rails Rubyonrails 4.0.0 4.0.0
Rails Rubyonrails 4.0.1 4.0.1
Rails Rubyonrails 4.0.2 4.0.2
Rails Rubyonrails 4.0.6 4.0.6
Rails Rubyonrails 4.1.0 4.1.0
Rails Rubyonrails 4.1.2 4.1.2
Rails Rubyonrails 4.1.6 4.1.6
Rails Rubyonrails 4.1.9 4.1.9
Rails Rubyonrails 4.1.10 4.1.10
Rails Rubyonrails 4.1.12 4.1.12
Rails Rubyonrails 4.1.13 4.1.13
Rails Rubyonrails 4.1.14 4.1.14
Rails Rubyonrails 4.2.0 4.2.0
Rails Rubyonrails 4.2.1 4.2.1
Rails Rubyonrails 4.2.3 4.2.3
Rails Rubyonrails 4.2.4 4.2.4
Rails Rubyonrails 4.2.5 4.2.5
Rails Rubyonrails 5.0.0 5.0.0
Rails Rubyonrails 4.0.7 4.0.7
Rails Rubyonrails 4.0.8 4.0.8
Rails Rubyonrails 4.0.9 4.0.9
Rails Rubyonrails 4.1.1 4.1.1
Rails Rubyonrails 4.1.3 4.1.3
Rails Rubyonrails 4.1.4 4.1.4
Rails Rubyonrails 4.1.5 4.1.5
Rails Rubyonrails 4.1.7 4.1.7
Rails Rubyonrails 4.1.7.1 4.1.7.1
Rails Rubyonrails 4.1.8 4.1.8
Rails Rubyonrails 4.2.2 4.2.2
Rails Rubyonrails 4.0.4 4.0.4
Rails Rubyonrails 4.0.3 4.0.3
Rails Rubyonrails 4.0.5 4.0.5
Rails Rubyonrails 4.0.10 4.0.10

References