Skip to content

Apache Geronimo Hash Collisions Cause DoS

High severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Jan 15, 2024

Package

maven org.apache.geronimo:geronimo (Maven)

Affected versions

< 2.2.1

Patched versions

2.2.1

Description

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

References

Published by the National Vulnerability Database Dec 30, 2011
Published to the GitHub Advisory Database May 13, 2022
Last updated Jan 15, 2024
Reviewed Jan 15, 2024

Severity

High

EPSS score

4.837%
(93rd percentile)

Weaknesses

CVE ID

CVE-2011-5034

GHSA ID

GHSA-v3h8-rw48-h4gr

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.