Lucene search

K

[email protected]NVD:CVE-2011-5036

HistoryDec 30, 2011 - 1:55 a.m.

CVE-2011-5036

2011-12-3001:55:01

CWE-310

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.8%

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected configurations

NVD

Node

rack_projectrackRange≤1.1.0

OR

rack_projectrackMatch1.2.0

OR

rack_projectrackMatch1.2.1

OR

rack_projectrackMatch1.2.2

OR

rack_projectrackMatch1.2.3

OR

rack_projectrackMatch1.2.4

OR

rack_projectrackMatch1.3.0

OR

rack_projectrackMatch1.3.1

OR

rack_projectrackMatch1.3.2

OR

rack_projectrackMatch1.3.3

OR

rack_projectrackMatch1.3.4

OR

rack_projectrackMatch1.3.5

References

archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

www.debian.org/security/2013/dsa-2783

www.kb.cert.org/vuls/id/903934

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

gist.github.com/52bbc6b9cc19ce330829

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.8%

Related for NVD:CVE-2011-5036

cve1 openvas12 fedora3 ubuntucve1 nessus5 prion1 osv2 gentoo1 cvelist1 debiancve1 github1 rubygems1 debian3 securityvulns2 freebsd1