Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2016-6582

Good to know:

icon

Date: January 23, 2017

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

Language: Ruby

Severity Score

Related Resources (15)

https://github.com/advisories/GHSA-5p9f-55j8-922m
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/doorkeeper/CVE-2016-6582.yml
https://nvd.nist.gov/vuln/detail/CVE-2016-6582
http://www.securityfocus.com/archive/1/539268/100/0/threaded
https://github.com/advisories/GHSA-3m6r-39p3-jq25
https://github.com/doorkeeper-gem/doorkeeper
https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0
http://www.securityfocus.com/bid/92551
https://github.com/doorkeeper-gem/doorkeeper/issues/875
https://web.archive.org/web/20201207202519/http://www.securityfocus.com/archive/1/539268/100/0/threaded
http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
http://seclists.org/fulldisclosure/2016/Aug/105
http://www.openwall.com/lists/oss-security/2016/08/19/2
https://web.archive.org/web/20170214021758/http://www.securityfocus.com/bid/92551
https://www.mend.io/vulnerability-database/CVE-2016-6582

Severity Score

Weakness Type (CWE)

Security Features

CWE-254

Incorrect Comparison Logic Granularity

CWE-1254

Top Fix

icon

Upgrade Version

Upgrade to version 4.2.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us