Lucene search

K
osvGoogleOSV:GHSA-V3H8-RW48-H4GR
HistoryMay 13, 2022 - 1:07 a.m.

Apache Geronimo Hash Collisions Cause DoS

2022-05-1301:07:39
Google
osv.dev
14
apache geronimo
hash collisions
denial of service
cpu consumption
crafted parameters
software

AI Score

6.7

Confidence

High

EPSS

0.017

Percentile

87.8%

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

References