CVE-2011-5036

Published: 30/12/2011 Updated: 31/10/2013
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Rack prior to 1.1.3, 1.2.x prior to 1.2.5, and 1.3.x prior to 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote malicious users to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Products

rack project rack (version unspecified)
rack project rack 1.2.0
rack project rack 1.2.1
rack project rack 1.2.2
rack project rack 1.2.3
rack project rack 1.2.4
rack project rack 1.3.0
rack project rack 1.3.1
rack project rack 1.3.2
rack project rack 1.3.3
rack project rack 1.3.4
rack project rack 1.3.5

Vendor Advisories

Debian Bug report logs - #653963: ruby-rack predictable hash collisions. Package: ruby-rack; Maintainer for ruby-rack is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-rack is src:ruby-rack (PTS, buildd, popcon). Reported by: Thijs Kinkhorst <thijs@debian.org>. Date: ...

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036: Rack computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers ...