← Back

CVE-2011-5036

nvd nist
Published: Dec 30, 2011Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected (12)

Products: Rack Project: Rack
Rack Project
1 product
Rack
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Rack Project
Rack
Up to 1.1.0
Rack
Version 1.2.0
Rack
Version 1.2.1
Rack
Version 1.2.2
Rack
Version 1.2.3
Rack
Version 1.2.4
Rack
Version 1.3.0
Rack
Version 1.3.1
Rack
Version 1.3.2
Rack
Version 1.3.3
Rack
Version 1.3.4
Rack
Version 1.3.5

Related CWEs

CWE-310
CWE-310

References (12)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
US Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.