CVE-2011-3414

CWE-3995 documents5 sources
Severity
7.8HIGH
EPSS
72.0%
top 1.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Windows Server 2008Microsoft Windows XP
Timeline
PublishedDec 30
Latest updateMay 13

Description

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-95wq-73j6-rm8c: The CaseInsensitiveHashProvider2022-05-13
CVEList
CVE-2011-3414: The CaseInsensitiveHashProvider2011-12-30
VulnCheck
Microsoft .NET Framework CaseInsensitiveHashProvider.getHashCode Function Vulnerability2011

💬Community

1
Bugzilla
CVE-2012-3543 mono: Hash collision issue2012-08-30
CVE-2011-3414 (HIGH CVSS 7.8) | The CaseInsensitiveHashProvider.get | cvebase.io