Sha256: 42aba0ca8be4fbf7f2aafc1850327a15dacb85645ca324171edd4548822bc398

Size: 1.16 KB

Versions: 19

Stored size: 1.16 KB

Contents

	require 'date'

	module Dawn
	  module Kb
	    # Automatically created with rake on 2014-02-06
	    class CVE_2011_5036
	      include DependencyCheck

	      def initialize
	        message = "Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."

	        # Check metadata: CVSS vector, classification and affected frameworks
	        super({
	          :name=>"CVE-2011-5036",
	          :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
	          :release_date => Date.new(2011, 12, 30),
	          :cwe=>"310",
	          :owasp=>"A9",
	          :applies=>["rails", "sinatra", "padrino"],
	          :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
	          :message=>message,
	          :mitigation=>"Please upgrade rack version up to version 1.3.6, 1.2.5, 1.1.3 or higher.",
	          :aux_links=>["https://gist.github.com/52bbc6b9cc19ce330829"]
	        })
	        # The first three entries are the fixed rack releases named in the message above
	        self.safe_dependencies = [{:name=>"rack", :version=>['1.3.6', '1.2.5', '1.1.3', '1.0.9999', '0.9.9999', '0.4.9999', '0.3.9999', '0.2.9999', '0.1.9999']}]
	      end
	    end
	  end
	end

Version data entries

19 entries across 19 versions & 1 rubygems

Version Path
dawnscanner-1.6.9 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.8 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.7 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.6 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.5 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.4 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.3 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.2 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.1 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.6.0 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.5.2 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.5.1 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.5.0 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.4.2 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.4.1 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.4.0 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.3.5 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.3.1 lib/dawn/kb/cve_2011_5036.rb
dawnscanner-1.3.0 lib/dawn/kb/cve_2011_5036.rb