NVD

Id
11154  
Name
CVE-2011-4815  
Description
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:C)  
Pub Date
2017-01-07  
Published
2011-12-29  
Modified Date
2013-01-29  
Seq
2011-4815  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
61822 11154 CVE-2011-4815 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table  View
61823 11154 CVE-2011-4815 [ruby-talk] 20111228 [ANN] ruby 1.8.7 patchlevel 357 released  View
61824 11154 CVE-2011-4815 JVN#90615481  View
61825 11154 CVE-2011-4815 JVNDB-2012-000066  View
61826 11154 CVE-2011-4815 APPLE-SA-2012-05-09-1  View
61827 11154 CVE-2011-4815 RHSA-2012:0069  View
61828 11154 CVE-2011-4815 RHSA-2012:0070  View
61829 11154 CVE-2011-4815 http://support.apple.com/kb/HT5281  View
61830 11154 CVE-2011-4815 VU#903934  View
61831 11154 CVE-2011-4815 http://www.nruns.com/_downloads/advisory28122011.pdf  View
61832 11154 CVE-2011-4815 http://www.ocert.org/advisories/ocert-2011-003.html  View
61833 11154 CVE-2011-4815 http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/  View
61834 11154 CVE-2011-4815 1026474  View
61835 11154 CVE-2011-4815 ruby-hash-dos(72020)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25244 JVNDB-2012-000066 Ruby のハッシュ関数の実装におけるサービス運用妨害 (DoS) の脆弱性 Ruby のハッシュ関数の実装には、サービス運用妨害 (DoS) の脆弱性が存在します。 CVE-2011-4815 52722 CVE-2011-4815 11154 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html 2012-07-06 2012-07-06 View
33323 JVNDB-2011-003563 ** 削除 ** Ruby におけるサービス運用妨害 (CPU 資源の消費) の脆弱性 ** 削除 ** 本案件は、早期警戒パートナーシップに基づく JVN の脆弱性レポート JVN#90615481 の公開に伴い、JVNDB-2012-000066 へ内容を移行しました。JVNDB-2012-000066 を参照してください。 CVE-2011-4815 52722 CVE-2011-4815 11154 N/A http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003563.html 2011-12-30 2012-07-06 View