Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-5036
Last Modified: 30 Oct 2013 11:21:36
Published: 29 Dec 2011 08:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-5036

Summary

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Systems

Application

  • Rack Project Rack 1.1.0

  • Rack Project Rack 1.2.0

  • Rack Project Rack 1.2.1

  • Rack Project Rack 1.2.2

  • Rack Project Rack 1.2.3

  • Rack Project Rack 1.2.4

  • Rack Project Rack 1.3.0

  • Rack Project Rack 1.3.1

  • Rack Project Rack 1.3.2

  • Rack Project Rack 1.3.3

  • Rack Project Rack 1.3.4

  • Rack Project Rack 1.3.5

  • Rubyforge Rack 1.1.33

  • Rubyforge Rack 1.2.0

  • Rubyforge Rack 1.2.1

  • Rubyforge Rack 1.2.2

  • Rubyforge Rack 1.2.3

  • Rubyforge Rack 1.2.4

  • Rubyforge Rack 1.3.0

  • Rubyforge Rack 1.3.1

  • Rubyforge Rack 1.3.2

  • Rubyforge Rack 1.3.3

  • Rubyforge Rack 1.3.4

  • Rubyforge Rack 1.3.5


References

CERT-VN - VU#903934

CONFIRM - https://gist.github.com/52bbc6b9cc19ce330829

MISC - http://www.ocert.org/advisories/ocert-2011-003.html

MISC - http://www.nruns.com/_downloads/advisory28122011.pdf

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

DEBIAN - DSA-2783


Last Updated: 27 May 2016 10:51:51