CVE-2011-5034

CVSS v2.0 7.8 (High)
EPSS 1.68 % (88th)
Affected Products 1
Advisories 1

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Weaknesses
CWE-20: Improper Input Validation
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2011-12-30 01:55:01 (12 years ago)
Updated Date: 2023-11-07 02:09:48 (10 months ago)

Affected Products


Configuration #1

  Product                                    CPE23                             From  Up To
  Apache Geronimo 2.2.1 and prior versions   cpe:2.3:a:apache:geronimo         -     <= 2.2.1
  Apache Geronimo 1.0                        cpe:2.3:a:apache:geronimo:1.0     -     -
  Apache Geronimo 1.1                        cpe:2.3:a:apache:geronimo:1.1     -     -
  Apache Geronimo 1.1.1                      cpe:2.3:a:apache:geronimo:1.1.1   -     -
  Apache Geronimo 1.2                        cpe:2.3:a:apache:geronimo:1.2     -     -
  Apache Geronimo 2.0.1                      cpe:2.3:a:apache:geronimo:2.0.1   -     -
  Apache Geronimo 2.0.2                      cpe:2.3:a:apache:geronimo:2.0.2   -     -
  Apache Geronimo 2.1                        cpe:2.3:a:apache:geronimo:2.1     -     -
  Apache Geronimo 2.1.1                      cpe:2.3:a:apache:geronimo:2.1.1   -     -
  Apache Geronimo 2.1.2                      cpe:2.3:a:apache:geronimo:2.1.2   -     -
  Apache Geronimo 2.1.3                      cpe:2.3:a:apache:geronimo:2.1.3   -     -
  Apache Geronimo 2.1.4                      cpe:2.3:a:apache:geronimo:2.1.4   -     -
  Apache Geronimo 2.1.5                      cpe:2.3:a:apache:geronimo:2.1.5   -     -
  Apache Geronimo 2.1.6                      cpe:2.3:a:apache:geronimo:2.1.6   -     -
  Apache Geronimo 2.1.7                      cpe:2.3:a:apache:geronimo:2.1.7   -     -
  Apache Geronimo 2.1.8                      cpe:2.3:a:apache:geronimo:2.1.8   -     -
  Apache Geronimo 2.2                        cpe:2.3:a:apache:geronimo:2.2     -     -