CVE-2011-5034 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2011-5034?

CVE-2011-5034 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-5034?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Geronimo.

Vulnerability Description

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apache	Geronimo	<= 2.2.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2011-5034?

CVE-2011-5034 is a vulnerability with a CVSS score of 7.8 (HIGH). Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of se...

How severe is CVE-2011-5034?

CVE-2011-5034 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-5034?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Geronimo.