CVE-2011-5034

HIGH

7.8

CVSS Severity Score

EPSS Score0.0560%

EPSS Percentile29.25th

PublishedDec 30, 2011

Last ModifiedApr 29, 2026

Vulnerability Description

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Affected Platforms (CPE)

📦

Apache

Geronimo

<= 2.2.1

📦

Apache

Geronimo

= 1.0

📦

Apache

Geronimo

= 1.1

📦

Apache

Geronimo

= 1.1.1

📦

Apache

Geronimo

= 1.2

📦

Apache

Geronimo

= 2.0.1

📦

Apache

Geronimo

= 2.0.2

📦

Apache

Geronimo

= 2.1

📦

Apache

Geronimo

= 2.1.1

📦

Apache

Geronimo

= 2.1.2

📦

Apache

Geronimo

= 2.1.3

📦

Apache

Geronimo

= 2.1.4

📦

Apache

Geronimo

= 2.1.5

📦

Apache

Geronimo

= 2.1.6

📦

Apache

Geronimo

= 2.1.7

📦

Apache

Geronimo

= 2.1.8

📦

Apache

Geronimo

= 2.2

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

🔗 http://secunia.com/advisories/47412

🔗 http://www.kb.cert.org/vuls/id/903934

🔗 http://www.nruns.com/_downloads/advisory28122011.pdf

🔗 http://www.ocert.org/advisories/ocert-2011-003.html

🔗 https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

🔗 https://lists.apache.org/thread.html/r20957aa5962a48328f199e2373f408aeeae601a45dd5275a195e2b6e%40%3Cjava-dev.axis.apache.org%3E

🔗 https://lists.apache.org/thread.html/r360b70489bad65286b49ceb5303a849d2a7ec7d1292774a7259579e1%40%3Cissues.karaf.apache.org%3E

Vulnerability Description

Affected Platforms (CPE)

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

References & Advisories

Related Vulnerabilities