Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-4462
Last Modified: 06 Nov 2012 12:03:45
Published: 29 Dec 2011 08:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4462

Summary

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Vulnerable Systems

Application

  • Plone 1.0

  • Plone 1.0.1

  • Plone 1.0.2

  • Plone 1.0.3

  • Plone 1.0.4

  • Plone 1.0.5

  • Plone 1.0.6

  • Plone 2.0

  • Plone 2.0.1

  • Plone 2.0.2

  • Plone 2.0.3

  • Plone 2.0.4

  • Plone 2.0.5

  • Plone 2.1

  • Plone 2.1.1

  • Plone 2.1.2

  • Plone 2.1.3

  • Plone 2.1.4

  • Plone 2.5

  • Plone 2.5.1

  • Plone 2.5.2

  • Plone 2.5.3

  • Plone 2.5.4

  • Plone 2.5.5

  • Plone 3.0

  • Plone 3.0.1

  • Plone 3.0.2

  • Plone 3.0.3

  • Plone 3.0.4

  • Plone 3.0.5

  • Plone 3.0.6

  • Plone 3.1

  • Plone 3.1.1

  • Plone 3.1.2

  • Plone 3.1.3

  • Plone 3.1.4

  • Plone 3.1.5.1

  • Plone 3.1.6

  • Plone 3.1.7

  • Plone 3.2

  • Plone 3.2.1

  • Plone 3.2.2

  • Plone 3.2.3

  • Plone 3.3

  • Plone 3.3.1

  • Plone 3.3.2

  • Plone 3.3.3

  • Plone 3.3.4

  • Plone 3.3.5

  • Plone 3.3.6

  • Plone 4.0

  • Plone 4.0.1

  • Plone 4.0.2

  • Plone 4.0.3

  • Plone 4.0.4

  • Plone 4.0.5

  • Plone 4.0.7

  • Plone 4.0.9

  • Plone 4.1

  • Plone 4.1.1

  • Plone 4.1.2

  • Plone 4.1.3


References

CERT-VN - VU#903934

MISC - http://www.ocert.org/advisories/ocert-2011-003.html

MISC - http://www.nruns.com/_downloads/advisory28122011.pdf

XF - plone-hash-dos(72018)

SECUNIA - 47406

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table


Last Updated: 27 May 2016 10:57:58