Vulnerability in Rack_project Rack
CVE-2011-5036
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.040 (89.3rd percentile)
Affected products
- Rack_project Rack — versions 1.2.0, 1.2.1, 1.2.2