CVE-2011-5034

Published Dec 30, 2011

Last updated a year ago

CVSS info 7.8

Overview

Description: Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6207AE74-C9E0-4B40-9B7F-13F147E26ABB",
            "versionEndIncluding": "2.2.1"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCEA65AC-5A1B-4354-AB6C-E1525B060581"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "531C2647-9F0D-4600-BB71-39BF2F3AC43F"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7779AD5B-D75E-4B0C-AF85-32CA10E99BC0"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FE1FE3E-4DC7-4A94-A1F4-D814CC1F6B41"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD68D814-2EA1-4E58-AAB1-3B23535A2D26"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "373ECB49-508C-446C-9CC9-6438D4D4137B"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECF8E5A6-BCAA-428E-A703-6D1508AE2DA0"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7353F7C5-18E8-4310-B31E-9B13963E3F18"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73F4CBB7-FF16-4B01-85B2-5B3FE7C8BE3D"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "366DB1DC-39E2-43A1-9A23-37B7A75F7D07"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEBE70E2-9AC5-443C-B33C-F8412DA886D4"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E551C272-F9B3-4FD3-BE98-0D4BB2E47B59"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "732915E8-2218-473D-AFE9-FFE3909EB83F"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B93EFEDB-360E-48AD-B8AD-4497B6C5FAF0"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CC5B8F5-8EAD-44AA-AE78-34EAE453455A"
          },
          {
            "criteria": "cpe:2.3:a:apache:geronimo:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB97E59D-DA9F-48D3-8B30-4E0BAD75BBE2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References