Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html - | |
References | () http://www.debian.org/security/2013/dsa-2783 - | |
References | () http://www.kb.cert.org/vuls/id/903934 - US Government Resource | |
References | () http://www.nruns.com/_downloads/advisory28122011.pdf - | |
References | () http://www.ocert.org/advisories/ocert-2011-003.html - | |
References | () https://gist.github.com/52bbc6b9cc19ce330829 - Exploit |
Information
Published : 2011-12-30 01:55
Updated : 2024-11-21 01:33
NVD link : CVE-2011-5036
Mitre link : CVE-2011-5036
CVE.ORG link : CVE-2011-5036
JSON object : View
Products Affected
rack_project
- rack
CWE
CWE-310
Cryptographic Issues