CVE-2011-3414
published 2011-12-30


Priority: P2 (71, high)
CVSS 2.0: 7.8 (high), vector AV:N/AC:L/Au:N/C:N/I:N/A:C
In the wild: listed in VulnCheck KEV (exploited in the wild)
EPSS: 58.89% (99.0th percentile)
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Affected

2 ranges

Vendor      Product               Version range   Fixed in
microsoft   windows_server_2008   (not listed)    (not listed)
microsoft   windows_xp            (not listed)    (not listed)

Note that the platform rows carry no version bounds; the .NET Framework versions named in the description above (1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0) are the actual scope, regardless of host OS.

Detection & IOCs

  • The attack vector is an HTTP request carrying many crafted form parameters whose names collide in the ASP.NET HashTable, so that inserting them degrades to quadratic work and exhausts CPU (DoS). Detection should focus on POST requests with an abnormally large number of form parameters sent to ASP.NET endpoints.
  • The vulnerable function is CaseInsensitiveHashProvider.getHashCode in the HashTable implementation of the ASP.NET subsystem. Sustained CPU saturation on .NET or Mono web servers that correlates with high-volume form-parameter submissions is the key host-side signal.
  • The same hash collision DoS affects Mono's .NET implementation (tracked as CVE-2012-3543). Detection logic should cover both Microsoft ASP.NET and Mono-hosted web applications.
  • Affected Microsoft .NET Framework versions are 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0. Scope detections and patch verification to these versions.
  • Mono 2.x is EOL upstream and will not receive a patch for this issue; only the Mono 3.x branch received the upstream fix. Environments running Mono 2.x (including the Fedora EPEL 5/6 packages) remain permanently unpatched unless addressed manually, for example by capping request size or parameter count in front of the application.
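The request-shape detection described in the bullets above, as an added example written for this page (it is not code from the page, from Microsoft or from the Mono project). It parses raw HTTP requests, counts distinct form-parameter names in urlencoded POST bodies, and flags requests to ASP.NET-looking paths that exceed a threshold. Two values are the editor's assumptions: the 1000-key threshold, chosen to mirror the default cap on form keys that Microsoft's fix introduced (the aspnet:MaxHttpCollectionKeys setting), and the list of path suffixes treated as ASP.NET endpoints. The sample requests are constructed; their parameter names are plain counters and do not reproduce real hash collisions, since the page gives no collision algorithm.

```python
"""Detection helper for CVE-2011-3414-style traffic: POST requests carrying an
abnormally large number of form parameters to ASP.NET endpoints.

Added example for this page; not code from the page, from Microsoft or from
Mono.  The requests at the bottom are constructed samples.
"""
from urllib.parse import parse_qsl

# Assumed threshold.  1000 mirrors the default cap on form keys that the
# ASP.NET fix introduced (aspnet:MaxHttpCollectionKeys); tune it per app.
MAX_FORM_KEYS = 1000

# Assumed set of extensions treated as ASP.NET endpoints.
ASPNET_SUFFIXES = (".aspx", ".ashx", ".asmx", ".svc")


def parse_raw_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def distinct_form_keys(body: str) -> int:
    """Number of distinct parameter names in a urlencoded body.  Distinct names
    are what matter: a collision attack needs many different keys that hash
    alike, while repeating one key adds no hash-table entries."""
    return len({name for name, _ in parse_qsl(body, keep_blank_values=True)})


def inspect_request(raw: str, threshold: int = MAX_FORM_KEYS) -> dict:
    """Return a verdict dict for one raw request.  Only urlencoded POSTs to
    ASP.NET-looking paths can be flagged; everything else is reported benign."""
    method, path, headers, body = parse_raw_request(raw)
    ctype = headers.get("content-type", "")
    is_form_post = method == "POST" and ctype.startswith(
        "application/x-www-form-urlencoded")
    is_aspnet = path.split("?", 1)[0].lower().endswith(ASPNET_SUFFIXES)
    keys = distinct_form_keys(body) if is_form_post else 0
    return {
        "path": path,
        "form_keys": keys,
        "aspnet_endpoint": is_aspnet,
        "suspicious": is_form_post and is_aspnet and keys > threshold,
    }


def make_request(path: str, nkeys: int) -> str:
    """Build a constructed urlencoded POST with nkeys distinct parameters.
    Names differ only by a counter: this stands in for bulk-submission volume
    and does NOT compute real hash collisions (the page gives no algorithm)."""
    body = "&".join(f"f{i}=x" for i in range(nkeys))
    return (
        f"POST {path} HTTP/1.1\r\n"
        "Host: app.example.test\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n" + body
    )


# Constructed samples: a normal login form, a bulk submission to an .aspx page,
# and the same bulk body sent to a path outside the assumed ASP.NET suffix set.
SAMPLE_REQUESTS = [
    make_request("/Account/Login.aspx", 3),
    make_request("/Default.aspx", 5000),
    make_request("/images/logo.png", 5000),
]


def scan(requests=SAMPLE_REQUESTS, threshold: int = MAX_FORM_KEYS):
    """Return only the suspicious verdicts for a batch of raw requests."""
    verdicts = (inspect_request(r, threshold) for r in requests)
    return [v for v in verdicts if v["suspicious"]]


if __name__ == "__main__":
    for hit in scan():
        print(f"ALERT {hit['path']} distinct form keys={hit['form_keys']}")
```

Run against the built-in samples it reports only the 5000-key POST to /Default.aspx. Counting distinct names rather than raw pairs keeps a legitimate form that repeats a checkbox name from tripping the rule, and the threshold is deliberately the same order as the post-fix server-side cap, so an alert on a patched host also tells you the request was rejected rather than processed.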

CVSS provenance

NVD: CVSS v2.0 7.8 HIGH, AV:N/AC:L/Au:N/C:N/I:N/A:C
VulnCheck: 7.8 HIGH