Vulnerability CVE-2011-5036


Published: 2011-12-29   Modified: 2012-02-13

Description:
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
Affected software
Rubyforge -> RACK
Rack project -> RACK

References:
http://www.kb.cert.org/vuls/id/903934
https://gist.github.com/52bbc6b9cc19ce330829
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

Copyright 2024, cxsecurity.com
