Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ge4d-a8z8-m3c6
Vulnerability ID VCID-ge4d-a8z8-m3c6
Aliases CVE-2011-5036
GHSA-v6j3-7jrw-hq2p
OSV-78121
Summary Hash Collision Form Parameter Parsing Remote DoS This package contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (6)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-310 Cryptographic Issues
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-328 Use of Weak Hash
CWE-400 Uncontrolled Resource Consumption
CWE-407 Inefficient Algorithmic Complexity
System Score Found at
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
epss 0.01278 https://api.first.org/data/v1/epss?cve=CVE-2011-5036
generic_textual MODERATE https://gist.github.com/52bbc6b9cc19ce330829
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v6j3-7jrw-hq2p
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-5036
generic_textual MODERATE https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1
generic_textual MODERATE https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
generic_textual MODERATE http://www.debian.org/security/2013/dsa-2783
generic_textual MODERATE http://www.kb.cert.org/vuls/id/903934
generic_textual MODERATE http://www.nruns.com/_downloads/advisory28122011.pdf
generic_textual MODERATE http://www.ocert.org/advisories/ocert-2011-003.html
Reference id Reference type URL
http://osvdb.org/show/osvdb/78121
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-5036.json
https://api.first.org/data/v1/epss?cve=CVE-2011-5036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5036
https://gist.github.com/52bbc6b9cc19ce330829
https://github.com/rack/rack/commit/09c5e53f11a491c25bef873ed146842f3cd03228
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml
https://nvd.nist.gov/vuln/detail/CVE-2011-5036
https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1
https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.debian.org/security/2013/dsa-2783
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
653963 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653963
771149 https://bugzilla.redhat.com/show_bug.cgi?id=771149
CVE-2011-4885;OSVDB-78115 Exploit http://www.ocert.org/advisories/ocert-2011-003.html
GHSA-v6j3-7jrw-hq2p https://github.com/advisories/GHSA-v6j3-7jrw-hq2p
GLSA-201203-05 https://security.gentoo.org/glsa/201203-05
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.79508
EPSS Score 0.01278
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:46.511498+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/rack/CVE-2011-5036.yml 38.0.0