NVD

Id
11296  
Name
CVE-2011-5036  
Description
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-07  
Published
2011-12-29  
Modified Date
2013-10-30  
Seq
2011-5036  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
62460 11296 CVE-2011-5036 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table  View
62461 11296 CVE-2011-5036 DSA-2783  View
62462 11296 CVE-2011-5036 VU#903934  View
62463 11296 CVE-2011-5036 http://www.nruns.com/_downloads/advisory28122011.pdf  View
62464 11296 CVE-2011-5036 http://www.ocert.org/advisories/ocert-2011-003.html  View
62465 11296 CVE-2011-5036 https://gist.github.com/52bbc6b9cc19ce330829  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
33328 JVNDB-2011-003568 Rack におけるサービス運用妨害 (CPU 資源の消費) の脆弱性 Rack は、ハッシュ衝突を想定した制限を行わずにフォームパラメータのハッシュ値を算出するため、サービス運用妨害 (CPU 資源の消費) 状態となる脆弱性が存在します。 CVE-2011-5036 52943 CVE-2011-5036 11296 5 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003568.html 2011-12-30 2012-01-04 View