Jenkins Hash Collision Denial Of Service Vulnerability
Info
| Bugtraq ID: | 51432 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 16 2012 12:00AM |
| Updated: | Mar 19 2015 08:33AM |
| Credit: | Reported by the vendor |
| Vulnerable: | Jenkins-Ci Jenkins 1.409.3, Jenkins-Ci Jenkins 1.446, Jenkins-Ci Jenkins 1.438, Jenkins-Ci Jenkins 1.424.1 |
| Not Vulnerable: | Jenkins-Ci Jenkins 1.447, Jenkins-Ci Jenkins 1.424.2 |
Discussion
Jenkins is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending a small number of specially crafted form posts to an affected application.
Successful exploits will result in a denial-of-service condition.
The following products are vulnerable:
Jenkins 1.446 and prior versions.
Jenkins LTS 1.424.1 and prior versions.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for details.
References
References:
- Jenkins CI Homepage (Jenkins CI)
- Jenkins Security Advisory 2012-01-12 (Jenkins)