CVE-2011-5036

Description

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Related CPE's

arack_projectrack1.3.1*******

arack_projectrack********

arack_projectrack1.2.3*******

arack_projectrack1.3.2*******

arack_projectrack1.2.0*******

arack_projectrack1.3.5*******

arack_projectrack1.2.1*******

arack_projectrack1.3.0*******

arack_projectrack1.2.4*******

arack_projectrack1.3.4*******

References

VU#903934

US Government Resource

https://gist.github.com/52bbc6b9cc19ce330829

Exploit

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.nruns.com/_downloads/advisory28122011.pdf

20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

DSA-2783

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

NONE

AvailabilityImpact

PARTIAL

BaseScore

5

Created by Yello
About Severity.io