Rubinius Hash Collision Denial Of Service Vulnerability
BID:51196
Info
Rubinius Hash Collision Denial Of Service Vulnerability
| Bugtraq ID: | 51196 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2011 12:00AM |
| Updated: | Dec 29 2011 12:00AM |
| Credit: | Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt |
| Vulnerable: |
Rubinius Rubinius 1.2.4 |
| Not Vulnerable: | |
Discussion
Rubinius Hash Collision Denial Of Service Vulnerability
Rubinius is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
Rubinius 1.2.4 and prior versions are vulnerable.
Rubinius is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
Rubinius 1.2.4 and prior versions are vulnerable.
Exploit / POC
Rubinius Hash Collision Denial Of Service Vulnerability
An attacker can use readily available tools to exploit this issue.
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Rubinius Hash Collision Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Rubinius Hash Collision Denial Of Service Vulnerability
References:
References:
- n.runs-SA-2011.004 28-Dec-2011 (n.runs AG)
- Rubinius Homepage (Rubinius)
- #2011-003 multiple implementations denial-of-service via hash algorithm collisio (oCERT)