Apache Geronimo Hash Collision Denial Of Service Vulnerability
BID:51238
Info
| Bugtraq ID: | 51238 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2011-5034 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 28 2011 12:00AM |
| Updated: | Jan 17 2012 02:20PM |
| Credit: | Alexander Klink, n.runs AG and Julian Wälde, Technische Universität Darmstadt |
| Vulnerable: | Apache Software Foundation Geronimo 2.2.1, Apache Software Foundation Geronimo 2.1.6, Apache Software Foundation Geronimo 2.1.5, Apache Software Foundation Geronimo 2.1.4, Apache Software Foundation Geronimo 2.1.3, Apache Software Foundation Geronimo 2.1.2, Apache Software Foundation Geronimo 2.1.1, Apache Software Foundation Geronimo 2.0.2, Apache Software Foundation Geronimo 2.0.1, Apache Software Foundation Geronimo 1.1.1, Apache Software Foundation Geronimo 1.1, Apache Software Foundation Geronimo 1.0.1, Apache Software Foundation Geronimo 1.0, Apache Software Foundation Geronimo 2.1, Apache Software Foundation Geronimo 2.0, Apache Software Foundation Geronimo 1.2, Apache Software Foundation Geronimo 1.1, Apache Software Foundation Geronimo 1.0 |
| Not Vulnerable: | |
Discussion
Apache Geronimo is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
The following exploit code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].