Code injection

2012-02-0821:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.7%

JSON

AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CPENameOperatorVersion
ada_web_serviceseq2.10.0
ada_web_servicesle2.10.1

CPE	Name	Operator	Version
	ada_web_services	eq	2.10.0
	ada_web_services	le	2.10.1

References

archives.neohapsis.com/archives/bugtraq/2012-01/0169.html

www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html