CVE-2016-4442 - Vulnerability Details - OpenCVE

The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Miniprofiler	Rack-mini-profiler

Configuration 1 [-]

cpe:2.3:a:miniprofiler:rack-mini-profiler:*:*:*:*:*:ruby:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2016/06/10/2
https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md
https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-05-02T14:00:00

Updated: 2024-08-06T00:32:24.643Z

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4442

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-05-02T14:59:00.330

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-4442

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-10T00:00:00", "descriptions": [{"lang": "en", "value": "The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-02T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md"}, {"name": "[oss-security] 20160610 Ruby gem rack-mini-profiler CVE-2016-4442", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2016-4442", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md", "refsource": "CONFIRM", "url": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md"}, {"name": "[oss-security] 20160610 Ruby gem rack-mini-profiler CVE-2016-4442", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/10/2"}, {"name": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c", "refsource": "CONFIRM", "url": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:24.643Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md"}, {"name": "[oss-security] 20160610 Ruby gem rack-mini-profiler CVE-2016-4442", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4442", "datePublished": "2017-05-02T14:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:24.643Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:miniprofiler:rack-mini-profiler:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "EA6A9C98-1E40-4D23-B5D5-4B25550B34A5", "versionEndIncluding": "0.9.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks."}, {"lang": "es", "value": "La gema rack-mini-profiler anterior a 0.10.1 para Ruby permite a atacantes remotos obtener informaci\u00f3n sensible acerca de las cadenas almacenadas y objetos a trav\u00e9s de la ordenaci\u00f3n incorrecta de los checks de seguridad."}], "id": "CVE-2016-4442", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-05-02T14:59:00.330", "references": [{"source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/2"}, {"source": "[email protected]", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/06/10/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/blob/v0.10.1/CHANGELOG.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/MiniProfiler/rack-mini-profiler/commit/4273771d65f1a7411e3ef5843329308d0e2d257c"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "[email protected]", "type": "Primary"}]}