CVE-2011-5034

HIGH

7.8

CVSS Severity Score

EPSS Score0.0560%

EPSS Percentile29.25th

Published2011年12月30日

Last Modified2026年4月29日

Vulnerability Description

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Affected Platforms (CPE)

📦

Apache

Geronimo

<= 2.2.1

📦

Apache

Geronimo

= 1.0

📦

Apache

Geronimo

= 1.1

📦

Apache

Geronimo

= 1.1.1

📦

Apache

Geronimo

= 1.2

📦

Apache

Geronimo

= 2.0.1

📦

Apache

Geronimo

= 2.0.2

📦

Apache

Geronimo

= 2.1

📦

Apache

Geronimo

= 2.1.1

📦

Apache

Geronimo

= 2.1.2

📦

Apache

Geronimo

= 2.1.3

📦

Apache

Geronimo

= 2.1.4

📦

Apache

Geronimo

= 2.1.5

📦

Apache

Geronimo

= 2.1.6

📦

Apache

Geronimo

= 2.1.7

📦

Apache

Geronimo

= 2.1.8

📦

Apache

Geronimo

= 2.2

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

🔗 http://secunia.com/advisories/47412

🔗 http://www.kb.cert.org/vuls/id/903934

🔗 http://www.nruns.com/_downloads/advisory28122011.pdf

🔗 http://www.ocert.org/advisories/ocert-2011-003.html

🔗 https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

🔗 https://lists.apache.org/thread.html/r20957aa5962a48328f199e2373f408aeeae601a45dd5275a195e2b6e%40%3Cjava-dev.axis.apache.org%3E

🔗 https://lists.apache.org/thread.html/r360b70489bad65286b49ceb5303a849d2a7ec7d1292774a7259579e1%40%3Cissues.karaf.apache.org%3E

Vulnerability Description

Affected Platforms (CPE)

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

Geronimo

References & Advisories

相關漏洞威脅