Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2011-4838
Last Modified 04 Apr 2013 11:06:42
Published 29 Dec 2011 08:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4838

Summary

JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Systems

Application

  • JRuby 0.9.0
  • JRuby 0.9.1
  • JRuby 0.9.2
  • JRuby 0.9.8
  • JRuby 0.9.9
  • JRuby 1.0
  • JRuby 1.0.0
  • JRuby 1.0.1
  • JRuby 1.0.2
  • JRuby 1.0.3
  • JRuby 1.1
  • JRuby 1.1.1
  • JRuby 1.1.2
  • JRuby 1.1.3
  • JRuby 1.1.4
  • JRuby 1.1.5
  • JRuby 1.1.6
  • JRuby 1.2.0
  • JRuby 1.3.0
  • JRuby 1.3.1
  • JRuby 1.4.0
  • JRuby 1.4.1
  • JRuby 1.5.0
  • JRuby 1.5.1
  • JRuby 1.5.2
  • JRuby 1.5.3
  • JRuby 1.5.4
  • JRuby 1.5.5
  • JRuby 1.5.6
  • JRuby 1.6.0
  • JRuby 1.6.1
  • JRuby 1.6.2
  • JRuby 1.6.3
  • JRuby 1.6.4
  • JRuby 1.6.5


References

CERT-VN - VU#903934

MISC - http://www.ocert.org/advisories/ocert-2011-003.html

MISC - http://www.nruns.com/_downloads/advisory28122011.pdf

XF - jruby-hash-dos(72019)

SECUNIA - 47407

CONFIRM - http://jruby.org/2011/12/27/jruby-1-6-5-1.html

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

SECUNIA - 50084

REDHAT - RHSA-2012:1232

GENTOO - GLSA-201207-06


Last Updated: 27 May 2016 10:57:58