Denial of Service Vulnerability in Apache Geronimo by Predictable Hash Collisions
CVE-2011-5034

Currently unrated

Key Information:

Vendor

Apache
Status
Geronimo
Vendor
CVE Published:
30 December 2011

What is CVE-2011-5034?

Apache Geronimo versions 2.2.1 and earlier are prone to a denial of service vulnerability that arises from the way the software computes hash values for form parameters. The flaw allows remote attackers to send crafted parameters that trigger predictable hash collisions. This can lead to excessive CPU consumption as the application struggles to process the malicious input, effectively denying service to legitimate users. The vulnerability, which may overlap with other identified issues, highlights the importance of implementing robust input handling to mitigate such attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/FireFart/HashCollision-DOS-POC/blob/ma...
x_refsource_MISC
http://www.nruns.com/_downloads/advisory28122011.pdf
x_refsource_MISC
http://secunia.com/advisories/47412
third-party-advisoryx_refsource_SECUNIA

EPSS Score

71% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.