[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-5036Date: (C)2011-12-29   (M)2023-12-22


Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
DSA-2783
VU#903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://gist.github.com/52bbc6b9cc19ce330829

CPE    11
cpe:/a:rack_project:rack:1.2.0
cpe:/a:rack_project:rack:1.3.4
cpe:/a:rack_project:rack:1.3.5
cpe:/a:rack_project:rack:1.3.0
...
CWE    1
CWE-310
OVAL    5
oval:org.secpod.oval:def:103371
oval:org.secpod.oval:def:103455
oval:org.secpod.oval:def:104524
oval:org.secpod.oval:def:601134
...

© SecPod Technologies