Denial of Service Vulnerability in Apache Geronimo by Predictable Hash Collisions
CVE-2011-5034

Currently unrated

Key Information:

Vendor: Apache
Status: Geronimo
Vendor: CVE Published:; 30 December 2011

Summary

Apache Geronimo versions 2.2.1 and earlier are prone to a denial of service vulnerability that arises from the way the software computes hash values for form parameters. The flaw allows remote attackers to send crafted parameters that trigger predictable hash collisions. This can lead to excessive CPU consumption as the application struggles to process the malicious input, effectively denying service to legitimate users. The vulnerability, which may overlap with other identified issues, highlights the importance of implementing robust input handling to mitigate such attacks.

References

https://github.com/FireFart/HashCollision-DOS-POC/blob/ma...

x_refsource_MISC

http://www.nruns.com/_downloads/advisory28122011.pdf

x_refsource_MISC

http://secunia.com/advisories/47412

third-party-advisoryx_refsource_SECUNIA

EPSS Score

66% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 30, 2011
Vulnerability Reserved
Dec 29, 2011