Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.70754
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: jruby
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

jruby
ruby
ruby+nopthreads
ruby+nopthreads+oniguruma
ruby+oniguruma
rubygem-rack
v8
redis
node

CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU
consumption) via crafted input to an application that maintains a hash
table.

CVE-2011-4815
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without
restricting the ability to trigger hash collisions predictably, which
allows context-dependent attackers to cause a denial of service (CPU
consumption) via crafted input to an application that maintains a hash
table.

CVE-2011-5036
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes
hash values for form parameters without restricting the ability to
trigger hash collisions predictably, which allows remote attackers to
cause a denial of service (CPU consumption) by sending many crafted
parameters.

CVE-2011-5037
Google V8 computes hash values for form parameters without restricting
the ability to trigger hash collisions predictably, which allows
remote attackers to cause a denial of service (CPU consumption) by
sending many crafted parameters, as demonstrated by attacks against
Node.js.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-4838
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
http://security.gentoo.org/glsa/glsa-201207-06.xml
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
RedHat Security Advisories: RHSA-2012:1232
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://secunia.com/advisories/47407
http://secunia.com/advisories/50084
XForce ISS Database: jruby-hash-dos(72019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72019
Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
RedHat Security Advisories: RHSA-2012:0069
http://rhn.redhat.com/errata/RHSA-2012-0069.html
RedHat Security Advisories: RHSA-2012:0070
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://www.securitytracker.com/id?1026474
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
XForce ISS Database: ruby-hash-dos(72020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Common Vulnerability Exposure (CVE) ID: CVE-2011-5036
Debian Security Information: DSA-2783 (Google Search)
http://www.debian.org/security/2013/dsa-2783
Common Vulnerability Exposure (CVE) ID: CVE-2011-5037
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.