Vulnerability Description
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudbees | Jenkins | >= 1.400.0, < 1.400.0.11 |
| Jenkins | Jenkins | < 1.424.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2012/01/20/8Mailing ListThird Party Advisory
- https://access.redhat.com/security/cve/cve-2012-0785Broken Link
- https://jenkins.io/security/advisory/2012-01-12/Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2012-0785Third Party Advisory
- https://www.cloudbees.com/jenkins-security-advisory-2012-01-12Third Party Advisory
- http://www.openwall.com/lists/oss-security/2012/01/20/8Mailing ListThird Party Advisory
- https://access.redhat.com/security/cve/cve-2012-0785Broken Link
- https://jenkins.io/security/advisory/2012-01-12/Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2012-0785Third Party Advisory
- https://www.cloudbees.com/jenkins-security-advisory-2012-01-12Third Party Advisory
FAQ
What is CVE-2012-0785?
CVE-2012-0785 is a vulnerability with a CVSS score of 7.5 (HIGH). Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote a...
How severe is CVE-2012-0785?
CVE-2012-0785 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0785?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudbees Jenkins, Jenkins Jenkins.