GHSA-v3h8-rw48-h4gr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v3h8-rw48-h4gr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v3h8-rw48-h4gr/GHSA-v3h8-rw48-h4gr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v3h8-rw48-h4gr
- Aliases
-
- CVE-2011-5034
- Published
- 2022-05-13T01:07:39Z
- Modified
- 2024-12-07T05:37:51.766019Z
- Summary
- Apache Geronimo Hash Collisions Cause DoS
- Details
-
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
- Database specific
{ "nvd_published_at": "2011-12-30T01:55:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-15T19:14:56Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-5034
- https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
- https://github.com/apache/geronimo
- https://lists.apache.org/thread.html/r20957aa5962a48328f199e2373f408aeeae601a45dd5275a195e2b6e@%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/r360b70489bad65286b49ceb5303a849d2a7ec7d1292774a7259579e1@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r3c541f019b74902e8e61d73e40ecc2837dfce1b744ad5546919b993c@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r4fe6b5ff1d48e23337304fd5ac983d89328aecbd1fa198cfc966fbd7@%3Cdev.geronimo.apache.org%3E
- https://lists.apache.org/thread.html/r653f633aa7b6ccbb8c338dbfcea7a00e4ae9d6f3e064a03cab8dc20d@%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/r67747af92035942c9c413bd8394acbb8a1ace5833c0177014c825bc2@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/r8dc1a0ae0e0cf9d2494b8cbd66562f99331c4cf635e7781850a9b9ba@%3Cjava-dev.axis.apache.org%3E
- https://lists.apache.org/thread.html/ra10015f6f3c3c88b7d813383554e87c06347fe163487148669189b8e@%3Cdev.geronimo.apache.org%3E
- https://lists.apache.org/thread.html/ra1fe29f6399b68980f914d8613dee7f67d62a1a97722fe9cd56f4f5f@%3Cdev.geronimo.apache.org%3E
- https://lists.apache.org/thread.html/rb0e85243d7268f1d7a1edb5e6c7df885dbd300acabaaf4cb0e880518@%3Cissues.karaf.apache.org%3E
- https://lists.apache.org/thread.html/rdd67ea3e489134f653349fc2cb09828ac8462aa61dd776b505a3297a@%3Cissues.karaf.apache.org%3E
- https://web.archive.org/web/20120105151644/http://www.nruns.com/_downloads/advisory28122011.pdf
- https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://www.kb.cert.org/vuls/id/903934
- http://www.ocert.org/advisories/ocert-2011-003.html
Affected packages
Maven / org.apache.geronimo:geronimo
Package
- Name
- org.apache.geronimo:geronimo
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.geronimo/geronimo