Rack Hash Collision Denial Of Service Vulnerability

Bugtraq ID:	51197
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2011-5036
Remote:	Yes
Local:	No
Published:	Dec 29 2011 12:00AM
Updated:	Apr 13 2015 09:21PM
Credit:	Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt
Vulnerable:	Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Christian Neukirchen Rack 1.2 Christian Neukirchen Rack 1.1 Christian Neukirchen Rack 1.0.1 Christian Neukirchen Rack 1.0 Christian Neukirchen Rack 1.3.5 Christian Neukirchen Rack 1.2.4 Christian Neukirchen Rack 1.1.2
Not Vulnerable:	Christian Neukirchen Rack 1.4.0 Christian Neukirchen Rack 1.3.6 Christian Neukirchen Rack 1.2.5 Christian Neukirchen Rack 1.1.3

Rack Hash Collision Denial Of Service Vulnerability

Rack is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.

Rack Hash Collision Denial Of Service Vulnerability

An attacker can use readily available tools to exploit this issue.

Rack Hash Collision Denial Of Service Vulnerability

Solution:
Updates are available. Please see the references for more information.

Rack Hash Collision Denial Of Service Vulnerability

References:

• GIT Commit: Limit the size of parameter keys (Evan Phoenix)
  
• n.runs-SA-2011.004 28-Dec-2011 (n.runs AG)
  
• Rack: a Ruby Webserver Interface Homepage (Christian Neukirchen)
  
• #2011-003 multiple implementations denial-of-service via hash algorithm collisio (oCERT)