ID CVE-2016-6582
Summary The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
References
Vulnerable Configurations
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.1.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.3.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.3.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.3.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.3.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.3.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.4.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.4.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.4.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.5.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.5.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.5.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.5:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.6:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.6.7:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.7.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.7.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.7.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.7.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:0.7.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.0.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.0.0:rc2:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.3.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.3.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.4.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.4.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:1.4.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.0:alpha1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.0:rc2:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.0:rc3:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.0.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.1.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.1.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.1.3:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.1.4:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.2.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.2.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:2.2.2:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:3.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:3.0.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:3.0.0:rc2:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:3.0.1:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:3.1.0:*:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.0.0:-:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.0.0:rc1:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.0.0:rc2:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.0.0:rc3:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.0.0:rc4:*:*:*:ruby:*:*
  • cpe:2.3:a:doorkeeper_project:doorkeeper:4.1.0:*:*:*:*:ruby:*:*
CVSS
Base: 6.4 (as of 09-10-2018 - 20:00)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
  Vector: NETWORK    Complexity: LOW    Authentication: NONE
Impact
  Confidentiality: NONE    Integrity: PARTIAL    Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
refmap via4
bid 92551
bugtraq 20160818 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
confirm
fulldisc 20160822 [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
misc http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html
Last major update 09-10-2018 - 20:00
Published 23-01-2017 - 21:59
Last modified 09-10-2018 - 20:00