cbcvebase.
CVE-2011-5036
published 2011-12-30


Priority: P4 23
Severity: medium (CVSS 2.0 base score 5.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.02% (89.3rd percentile)
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected (16 ranges)

Vendor        Product    Version range                      Fixed in
debian        ruby-rack  < ruby-rack 1.4.0-1 (bookworm)     ruby-rack 1.4.0-1 (bookworm)
rack          rack       >= 0, < 1.1.3                      1.1.3
rack          rack       >= 1.2.0, < 1.2.5                  1.2.5
rack          rack       >= 1.3.0, < 1.3.6                  1.3.6
rack_project  rack       <= 1.1.0                           (not listed)
rack_project  rack       (11 further entries, no version range or fix listed)

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            2.0           5.0    MEDIUM    AV:N/AC:L/Au:N/C:N/I:N/A:P
osv            -             5.0    MEDIUM    -
vendor_debian  -             5.0    MEDIUM    -
vendor_redhat  -             5.0    MEDIUM    -