class Dawn::Kb::CVE_2011_5036
Automatically created with rake on 2014-02-06
Public Class Methods
new()
click to toggle source
Calls superclass method
Dawn::Kb::DependencyCheck::new
# File lib/dawn/kb/cve_2011_5036.rb, line 7 def initialize message = "Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." super({ :name=>"CVE-2011-5036", :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P", :release_date => Date.new(2011, 12, 30), :cwe=>"310", :owasp=>"A9", :applies=>["rails", "sinatra", "padrino"], :kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK, :message=>message, :mitigation=>"Please upgrade rack version up to version 1.3.6, 1.2.5, 1.1.3 or higher.", :aux_links=>["https://gist.github.com/52bbc6b9cc19ce330829"] }) self.safe_dependencies = [{:name=>"rack", :version=>['1.3.6', '1.2.5', '1.1.3', '1.0.9999', '0.9.9999', '0.4.9999', '0.3.9999', '0.2.9999', '0.1.9999']}] end