CVE ID: CVE-2011-5036
Description: Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Test IDs: 1.3.6.1.4.1.25623.1.0.70754, 1.3.6.1.4.1.25623.1.0.71189, 1.3.6.1.4.1.25623.1.0.892783, 1.3.6.1.4.1.25623.1.0.863686, 1.3.6.1.4.1.25623.1.0.863775, 1.3.6.1.4.1.25623.1.0.702783
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-5036
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
Debian Security Information: DSA-2783
http://www.debian.org/security/2013/dsa-2783
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html




© 1998-2021 E-Soft Inc. All rights reserved.