CVE-2011-5034

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 30 December 2011

Summary

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

References

https://github.com/FireFart/HashCollision-DOS-POC/blob/ma...

x_refsource_MISC

http://www.nruns.com/_downloads/advisory28122011.pdf

x_refsource_MISC

http://secunia.com/advisories/47412

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 30, 2011
Vulnerability Reserved
Dec 29, 2011