View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2013-0263 severity moderate: SUSE including 49 source package names (ruby2.1-rubygem-chef-10.32.2-3.1, ruby2.1-rubygem-chef-10.32.2-3.2, …), 51 product×package rows across 6 product lines (SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5, SUSE Linux Enterprise Software Development Kit 11 SP4, … (6 product lines)): Fixed 47, Known Not Affected 4.
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.