CVE-2011-5034
Published Dec 30, 2011
Last updated a year ago
Overview
- Description
- Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:apache:geronimo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6207AE74-C9E0-4B40-9B7F-13F147E26ABB", "versionEndIncluding": "2.2.1" },
          { "criteria": "cpe:2.3:a:apache:geronimo:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCEA65AC-5A1B-4354-AB6C-E1525B060581" },
          { "criteria": "cpe:2.3:a:apache:geronimo:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "531C2647-9F0D-4600-BB71-39BF2F3AC43F" },
          { "criteria": "cpe:2.3:a:apache:geronimo:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7779AD5B-D75E-4B0C-AF85-32CA10E99BC0" },
          { "criteria": "cpe:2.3:a:apache:geronimo:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FE1FE3E-4DC7-4A94-A1F4-D814CC1F6B41" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD68D814-2EA1-4E58-AAB1-3B23535A2D26" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "373ECB49-508C-446C-9CC9-6438D4D4137B" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECF8E5A6-BCAA-428E-A703-6D1508AE2DA0" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7353F7C5-18E8-4310-B31E-9B13963E3F18" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73F4CBB7-FF16-4B01-85B2-5B3FE7C8BE3D" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "366DB1DC-39E2-43A1-9A23-37B7A75F7D07" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEBE70E2-9AC5-443C-B33C-F8412DA886D4" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E551C272-F9B3-4FD3-BE98-0D4BB2E47B59" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "732915E8-2218-473D-AFE9-FFE3909EB83F" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93EFEDB-360E-48AD-B8AD-4497B6C5FAF0" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC5B8F5-8EAD-44AA-AE78-34EAE453455A" },
          { "criteria": "cpe:2.3:a:apache:geronimo:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB97E59D-DA9F-48D3-8B30-4E0BAD75BBE2" }
        ],
        "operator": "OR"
      }
    ]
  }
]