Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3414

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2011-3414
Last Modified 29 Jan 2013 11:42:34
Published 29 Dec 2011 08:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3414

Summary

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 7 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 -

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Vista

  • Microsoft Windows Vista -

  • Microsoft Windows Xp

  • Microsoft Windows Xp Sp3


References

CERT-VN - VU#903934

MISC - http://www.ocert.org/advisories/ocert-2011-003.html

MISC - http://www.nruns.com/_downloads/advisory28122011.pdf

MS - MS11-100

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table

CERT - TA11-347A

Related Patches

MS11-100 2638420 2656358 Security Update for .NET Framework 1.1 SP1 for Windows 2003

MS11-100 2638420 2657424 Security Update for .NET Framework 3.5 SP1 (All Languages)

MS11-100 2638420 2656355 2656356 Security Update for .NET Framework 3.5.1 (All Languages) (Rev 2)

MS11-100 2638420 2656351 Security Update for .NET Framework 4.0 (All Languages) (Rev 3)

MS11-100 2638420 2656352 2656362 Security Update for .NET Framework 2.0 SP2 (All Languages)

MS11-100 Security Update for Microsoft .NET Framework 3.5 SP1 on Win XP, Server 2003, Vista, Server 2008 x86 (KB2657424)

MS11-100 Security Update for .NET Framework 3.5 SP1 on Win XP, Server 2003, Vista and Server 2008 for x64 (KB2657424)

MS12-035 MS11-100 2693777 2638420 2656353 Security Update for .NET Framework 1.1 SP1 (All Languages) (See Notes) (Rev 2)


Last Updated: 27 May 2016 10:57:58