CVE-2011-5034 – org.apache.geronimo:geronimo
Package
Manager: maven
Name: org.apache.geronimo:geronimo
Vulnerable Version: >=0 <2.2.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.66459 (percentile: 0.98481)
Details
Apache Geronimo Hash Collisions Cause DoS
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Metadata
Created: 2022-05-13T01:07:39Z
Modified: 2024-01-15T19:14:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v3h8-rw48-h4gr/GHSA-v3h8-rw48-h4gr.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-v3h8-rw48-h4gr
Finding: F002
Auto approve: 1