Candidate: CVE-2011-5036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036
http://www.kb.cert.org/vuls/id/903934
https://gist.github.com/52bbc6b9cc19ce330829
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash
values for form parameters without restricting the ability to trigger hash
collisions predictably, which allows remote attackers to cause a denial of
service (CPU consumption) by sending many crafted parameters.
upstream_ruby-rack: released (1.3.6)
maverick_ruby-rack: DNE
oneiric_ruby-rack: DNE
precise_ruby-rack: ignored (reached end-of-life)
precise/esm_ruby-rack: DNE (precise was needed)
quantal_ruby-rack: not-affected (1.4.1-1)
raring_ruby-rack: not-affected (1.4.1-1)
saucy_ruby-rack: not-affected (1.4.1-1)
trusty_ruby-rack: not-affected (1.4.1-1)
utopic_ruby-rack: not-affected (1.4.1-1)
vivid_ruby-rack: not-affected (1.4.1-1)
vivid/stable-phone-overlay_ruby-rack: DNE
vivid/ubuntu-core_ruby-rack: DNE
wily_ruby-rack: not-affected (1.4.1-1)
xenial_ruby-rack: not-affected (1.4.1-1)
yakkety_ruby-rack: not-affected (1.4.1-1)
zesty_ruby-rack: not-affected (1.4.1-1)
devel_ruby-rack: not-affected (1.4.1-1)