Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-5034

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
7.8HIGH
EPSS
71.3%
top 1.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Geronimo
Timeline
PublishedDec 30
Latest updateMay 13

Description

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDapache/geronimo2.2.1+16

🔴Vulnerability Details

3
GHSA
Apache Geronimo Hash Collisions Cause DoS2022-05-13
OSV
Apache Geronimo Hash Collisions Cause DoS2022-05-13
CVEList
CVE-2011-5034: Apache Geronimo 22011-12-30

💥Exploits & PoCs

2
Exploit-DB
PHP Hash Table Collision - Denial of Service (PoC)2012-01-03
Exploit-DB
MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection2006-07-15

📋Vendor Advisories

1
Red Hat
apache-geronimo: hash table collisions CPU usage DoS2011-12-29

💬Community

1
Bugzilla
CVE-2011-5034 apache-geronimo: hash table collisions CPU usage DoS2020-06-26
CVE-2011-5034 (HIGH CVSS 7.8) | Apache Geronimo 2.2.1 and earlier c | cvebase.io