Improper input validation in Apache Geronimo
CVE-2011-5034
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.733 (98.8th percentile) — read the EPSS interpretation.
Affected products
- Apache Geronimo — versions 1.0, 1.1, 1.1.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_MISC)
- 47412 (x_refsource_SECUNIA, third-party-advisory)
- VU#903934 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
- 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_MISC)
- [axis-java-dev] 20210622 [jira] [Updated] (AXIS2-6004) AXIS 2 1.7.9 geronimo jars with vulnerability CVE-2011-5034 (mailing-list, x_refsource_MLIST)
- [axis-java-dev] 20210622 [jira] [Created] (AXIS2-6004) AXIS 2 1.7.9 geronimo jars with vulnerability CVE-2011-5034 (mailing-list, x_refsource_MLIST)
- [axis-java-dev] 20210623 [jira] [Resolved] (AXIS2-6004) AXIS 2 1.7.9 geronimo jars with vulnerability CVE-2011-5034 (mailing-list, x_refsource_MLIST)
- [karaf-issues] 20210723 [jira] [Assigned] (KARAF-7227) Upgrade geronimo artifacts to mitigate CVE-2011-5034 (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2011-5034?
- CVE-2011-5034 is a vulnerability in Apache Geronimo, classified under Improper Input Validation. Published 2011-12-30.
- Is CVE-2011-5034 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.