Ruby

Made by DeepSource

Method vulnerable to DoS attack (RB-S1004)

Anti-pattern
Major

The methods authenticate_or_request_with_http_digest and authenticate_with_http_digest in Ruby on Rails 3.x are vulnerable to a Denial-of-Service (DoS) attack due to a design flaw in the HTTP Digest authentication mechanism.

This vulnerability has been assigned the CVE identifier CVE-2012-3424.

Versions Affected: 3.x. Not affected: 2.3.5 - 2.3.14. Fixed Versions: 3.0.16, 3.1.7, 3.2.7
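A version check for this rule, written as an added example (not DeepSource's or Rails' own code): it reads the pinned actionpack or rails version from a Gemfile.lock and flags it against the affected and fixed ranges listed above. The sample lockfile text is constructed for the example.

```ruby
require 'rubygems'

# Fixed release per 3.x branch, taken from the rule text above.
FIXED_VERSIONS = {
  '3.0' => Gem::Version.new('3.0.16'),
  '3.1' => Gem::Version.new('3.1.7'),
  '3.2' => Gem::Version.new('3.2.7')
}.freeze

# True when a Rails/ActionPack version falls in the affected range:
# any 3.x release below the fixed version of its branch. 2.3.5 - 2.3.14
# and 4.x are not affected. A 3.x branch without a listed fix is flagged,
# since the rule states that 3.x as a whole is affected.
def vulnerable_rails_version?(version_string)
  version = Gem::Version.new(version_string)
  major, minor = version.segments
  return false unless major == 3
  fixed = FIXED_VERSIONS["3.#{minor}"]
  return true if fixed.nil?
  version < fixed
end

# Extracts the resolved version of a gem from the GEM/specs section of a
# Gemfile.lock, where resolved gems are indented by exactly four spaces,
# e.g. "    actionpack (3.2.6)". Dependency lines (six spaces) are ignored.
def locked_version(lockfile_text, gem_name)
  match = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  match && match[1]
end

# Checks actionpack first (the gem that ships the digest auth helpers),
# then rails. Returns nil when neither gem is pinned in the lockfile.
def check_lockfile(lockfile_text)
  %w[actionpack rails].each do |gem_name|
    version = locked_version(lockfile_text, gem_name)
    next unless version
    return { gem: gem_name, version: version,
             vulnerable: vulnerable_rails_version?(version) }
  end
  nil
end

# Constructed sample lockfile pinning an affected release.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.6)
        activemodel (= 3.2.6)
      rails (3.2.6)
        actionpack (= 3.2.6)
LOCK

puts check_lockfile(SAMPLE_LOCKFILE).inspect if $PROGRAM_NAME == __FILE__
```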

References

  1. Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424)
  2. CVE-2012-3424