Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-0840
Last Modified: 13 Feb 2012 09:25:14
Published: 10 Feb 2012 02:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-0840

Summary

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Systems

Application

  • Apache Portable Runtime 0.9.1

  • Apache Portable Runtime 0.9.16-dev

  • Apache Portable Runtime 0.9.2

  • Apache Portable Runtime 0.9.2-dev

  • Apache Portable Runtime 0.9.3

  • Apache Portable Runtime 0.9.3-dev

  • Apache Portable Runtime 0.9.4

  • Apache Portable Runtime 0.9.5

  • Apache Portable Runtime 0.9.6

  • Apache Portable Runtime 0.9.7

  • Apache Portable Runtime 0.9.7-dev

  • Apache Portable Runtime 0.9.8

  • Apache Portable Runtime 0.9.9

  • Apache Portable Runtime 1.3.0

  • Apache Portable Runtime 1.3.1

  • Apache Portable Runtime 1.3.10

  • Apache Portable Runtime 1.3.11

  • Apache Portable Runtime 1.3.12

  • Apache Portable Runtime 1.3.13

  • Apache Portable Runtime 1.3.2

  • Apache Portable Runtime 1.3.3

  • Apache Portable Runtime 1.3.4

  • Apache Portable Runtime 1.3.4-dev

  • Apache Portable Runtime 1.3.5

  • Apache Portable Runtime 1.3.6

  • Apache Portable Runtime 1.3.6-dev

  • Apache Portable Runtime 1.3.7

  • Apache Portable Runtime 1.3.8

  • Apache Portable Runtime 1.3.9

  • Apache Portable Runtime 1.4.0

  • Apache Portable Runtime 1.4.1

  • Apache Portable Runtime 1.4.2

  • Apache Portable Runtime 1.4.3

  • Apache Portable Runtime 1.4.4

  • Apache Portable Runtime 1.4.5


References

XF - apacheapr-hash-dos(73096)

MLIST - [dev] 20120114 Re: Hash collision vectors in APR?

MLIST - [dev] 20120113 Re: Hash collision vectors in APR?

MLIST - [dev] 20120105 Hash collision vectors in APR?

CONFIRM - http://svn.apache.org/viewvc?rev=1231605&view=rev

SECUNIA - 47862

MLIST - [oss-security] 20120208 Re: CVE request: apr - Hash DoS vulnerability

MLIST - [oss-security] 20120208 CVE request: apr - Hash DoS vulnerability

MLIST - [apr-commits] 20120115 svn commit: r1231605 - /apr/apr/trunk/tables/apr_hash.c


Last Updated: 27 May 2016 10:57:26