The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://www.ocert.org/advisories/ocert-2011-003.html http://www.nruns.com/_downloads/advisory28122011.pdf http://www.vuxml.org/freebsd/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

The following packages are affected: jruby ruby ruby+nopthreads ruby+nopthreads+oniguruma ruby+oniguruma rubygem-rack v8 redis node CVE-2011-4838 JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVE-2011-4815 Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. CVE-2011-5036 Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. CVE-2011-5037 Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.