Plone Hash Collision Denial Of Service Vulnerability
BID:51195
Info
| Bugtraq ID: | 51195 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2011-4462 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2011 12:00AM |
| Updated: | Mar 19 2015 09:18AM |
| Credit: | Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt |
| Vulnerable: | Plone 4.1.3, 4.0.8, 4.0.7, 3.3.5, 3.3.4, 3.3.3, 3.3.2, 3.3.1, 3.2.3, 3.2.2, 3.1.6, 3.1.4, 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1, 2.5.5, 2.5.4, 2.5.1, 2.1.2, 2.0.5, 2.0.4, 4.1, 4.0.9, 4.0.6.1, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0, 3.3, 3.2.1, 3.2, 3.1.7, 3.1.5.1, 3.1.3, 3.1.2, 3.1.1, 3.1, 3.0.6, 3.0, 2.5-beta1, 2.5, 2.1.3, 2.1.1, 2.1, 2.0.2, 2.0.1, 2.0, 1.0.6, 1.0.5, 1.0.4, 1.0.3, 1.0.2, 1.0.1, 1.0 |
| Not Vulnerable: | |
Discussion
Plone is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by constructing and sending a specially crafted series of anonymous HTTP requests to the affected computer.
Successful exploits may allow attackers to trigger hash collisions that cause excessive CPU consumption, effectively denying further service to legitimate users.
Plone 4.1.3 and prior versions are vulnerable.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].