Apache APR Hash Collision Denial Of Service Vulnerability
BID:51917
Info
| Bugtraq ID: | 51917 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2012-0840 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 05 2012 12:00AM |
| Updated: | Apr 16 2015 05:49PM |
| Credit: | Moritz Muehlenhoff |
| Vulnerable: | Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; Mandriva Linux Mandrake 2010.1 x86_64; Mandriva Linux Mandrake 2010.1; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; Gentoo Linux; Apache Software Foundation APR 1.4.4; Apache Software Foundation APR 1.4.3; Apache Software Foundation APR 1.4.2; Apache Software Foundation APR 1.4.5 |
| Not Vulnerable: | |
Discussion
Apache APR is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
Exploit / POC
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2011 x86_64
- Mandriva lib64apr-devel-1.4.6-0.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64apr1-1.4.6-0.1-mdv2011.0.x86_64.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
- Mandriva libapr-devel-1.4.6-0.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libapr1-1.4.6-0.1-mdv2011.0.i586.rpm
  http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva libapr-devel-1.4.6-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libapr1-1.4.6-0.1mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1 x86_64
- Mandriva lib64apr-devel-1.4.6-0.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64apr1-1.4.6-0.1mdv2010.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2010.1
- Mandriva libapr-devel-1.4.6-0.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva libapr1-1.4.6-0.1mdv2010.2.i586.rpm
  http://www.mandriva.com/en/downloads/
MandrakeSoft Enterprise Server 5 x86_64
- Mandriva lib64apr-devel-1.4.6-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva lib64apr1-1.4.6-0.1mdvmes5.2.x86_64.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- Apache APR Homepage (Apache)
- CVE request: apr - Hash DoS vulnerability (Moritz Muehlenhoff)
- n.runs-SA-2011.004 28-Dec-2011 (n.runs AG)