CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
81.8%
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash
values for form parameters without restricting the ability to trigger hash
collisions predictably, which allows remote attackers to cause a denial of
service (CPU consumption) by sending many crafted parameters.
www.kb.cert.org/vuls/id/903934
www.nruns.com/_downloads/advisory28122011.pdf
www.ocert.org/advisories/ocert-2011-003.html
gist.github.com/52bbc6b9cc19ce330829
launchpad.net/bugs/cve/CVE-2011-5036
nvd.nist.gov/vuln/detail/CVE-2011-5036
security-tracker.debian.org/tracker/CVE-2011-5036
www.cve.org/CVERecord?id=CVE-2011-5036