
Test ID: 1.3.6.1.4.1.25623.1.0.70754
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: jruby
Summary: The remote host is missing an update to the system, as announced in the referenced advisory.
Description: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

jruby
ruby
ruby+nopthreads
ruby+nopthreads+oniguruma
ruby+oniguruma
rubygem-rack
v8
redis
node

CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the
ability to trigger hash collisions predictably, which allows
context-dependent attackers to cause a denial of service (CPU
consumption) via crafted input to an application that maintains a hash
table.

CVE-2011-4815
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without
restricting the ability to trigger hash collisions predictably, which
allows context-dependent attackers to cause a denial of service (CPU
consumption) via crafted input to an application that maintains a hash
table.

CVE-2011-5036
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes
hash values for form parameters without restricting the ability to
trigger hash collisions predictably, which allows remote attackers to
cause a denial of service (CPU consumption) by sending many crafted
parameters.

CVE-2011-5037
Google V8 computes hash values for form parameters without restricting
the ability to trigger hash collisions predictably, which allows
remote attackers to cause a denial of service (CPU consumption) by
sending many crafted parameters, as demonstrated by attacks against
Node.js.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-4838
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
http://security.gentoo.org/glsa/glsa-201207-06.xml
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
RedHat Security Advisories: RHSA-2012:1232
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://secunia.com/advisories/47407
http://secunia.com/advisories/50084
XForce ISS Database: jruby-hash-dos(72019)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72019
Common Vulnerability Exposure (CVE) ID: CVE-2011-4815
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://jvn.jp/en/jp/JVN90615481/index.html
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606
RedHat Security Advisories: RHSA-2012:0069
http://rhn.redhat.com/errata/RHSA-2012-0069.html
RedHat Security Advisories: RHSA-2012:0070
http://rhn.redhat.com/errata/RHSA-2012-0070.html
http://www.securitytracker.com/id?1026474
http://secunia.com/advisories/47405
http://secunia.com/advisories/47822
XForce ISS Database: ruby-hash-dos(72020)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Common Vulnerability Exposure (CVE) ID: CVE-2011-5036
Debian Security Information: DSA-2783 (Google Search)
http://www.debian.org/security/2013/dsa-2783
Common Vulnerability Exposure (CVE) ID: CVE-2011-5037
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test package. Find out more about our complete security audits.

© 1998-2024 E-Soft Inc. All rights reserved.