Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2011-5034
Last Modified 06 Nov 2012 12:05:00
Published 29 Dec 2011 08:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-5034

Summary

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Vulnerable Systems

Application

  • Apache Geronimo 1.0

  • Apache Geronimo 1.1

  • Apache Geronimo 1.1.1

  • Apache Geronimo 1.2

  • Apache Geronimo 2.0.1

  • Apache Geronimo 2.0.2

  • Apache Geronimo 2.1

  • Apache Geronimo 2.1.1

  • Apache Geronimo 2.1.2

  • Apache Geronimo 2.1.3

  • Apache Geronimo 2.1.4

  • Apache Geronimo 2.1.5

  • Apache Geronimo 2.1.6

  • Apache Geronimo 2.1.7

  • Apache Geronimo 2.1.8

  • Apache Geronimo 2.2

  • Apache Geronimo 2.2.1


References

CERT-VN - VU#903934

MISC - http://www.ocert.org/advisories/ocert-2011-003.html

MISC - http://www.nruns.com/_downloads/advisory28122011.pdf

MISC - https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

SECUNIA - 47412

BUGTRAQ - 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table


Last Updated: 27 May 2016 10:57:58