What is CVE-2011-3414?

CVE-2011-3414 is a vulnerability in Microsoft Windows_7, classified under CWE-399. Published 2011-12-30.

Is CVE-2011-3414 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Windows_7

CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restrictin…

EPSS: 0.720 (98.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows_7
Microsoft Windows_server_2003
Microsoft Windows_server_2008 — versions r2
Microsoft Windows_vista
Microsoft Windows_xp — versions sp3
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

sergiogarciadev/HashCollisionDetector

References

oval:org.mitre.oval:def:14588 (x_refsource_OVAL, signature, vdb-entry)
secure@microsoft.com (x_refsource_MISC)
TA11-347A (US Government Resource, x_refsource_CERT, third-party-advisory)
MS11-100 (x_refsource_MS, vendor-advisory)
VU#903934 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (mailing-list, x_refsource_BUGTRAQ)
secure@microsoft.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2011-3414?: CVE-2011-3414 is a vulnerability in Microsoft Windows_7, classified under CWE-399. Published 2011-12-30.
Is CVE-2011-3414 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.