Veracode Vulnerability DatabaseVERACODE:14585Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
ruby is vulnerable to denial of service. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time.
References
2012.appsec-forum.ch/conferences/#c17
asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
secunia.com/advisories/51253
securitytracker.com/id?1027747
www.ocert.org/advisories/ocert-2012-001.html
www.osvdb.org/87280
www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371/
www.securityfocus.com/bid/56484
www.ubuntu.com/usn/USN-1733-1
access.redhat.com/knowledge/docs/
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=875236
bugzilla.redhat.com/show_bug.cgi?id=887353
bugzilla.redhat.com/show_bug.cgi?id=889426
bugzilla.redhat.com/show_bug.cgi?id=895347
bugzilla.redhat.com/show_bug.cgi?id=895355
bugzilla.redhat.com/show_bug.cgi?id=902412
bugzilla.redhat.com/show_bug.cgi?id=902630
bugzilla.redhat.com/show_bug.cgi?id=903526
bugzilla.redhat.com/show_bug.cgi?id=903546
bugzilla.redhat.com/show_bug.cgi?id=905021
bugzilla.redhat.com/show_bug.cgi?id=905656
bugzilla.redhat.com/show_bug.cgi?id=906227
bugzilla.redhat.com/show_bug.cgi?id=906845
exchange.xforce.ibmcloud.com/vulnerabilities/79993
rhn.redhat.com/errata/RHSA-2013-0582.html
www.131002.net/data/talks/appsec12_slides.pdf
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P