Description
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Report
apache-geronimo is packaged with Red Hat OpenStack Platform 13.0's OpenDaylight (ODL). However, because the flaw is moderate, Red Hat will not be releasing a fix for the ODL package at this time.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | geronimo | Not affected | | |
| Red Hat Fuse 7 | geronimo | Not affected | | |
| Red Hat JBoss A-MQ 6 | geronimo | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 6 | geronimo | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | geronimo | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Continuous Delivery | geronimo | Not affected | | |
| Red Hat JBoss Fuse 6 | geronimo | Out of support scope | | |
| Red Hat JBoss SOA Platform 5 | geronimo | Out of support scope | | |
| Red Hat JBoss Web Server 3 | geronimo | Not affected | | |
| Red Hat JBoss Web Server 5 | geronimo | Not affected | | |
Additional information
Status:
EPSS
5.3 Medium
CVSS3