CVE-2012-0840

tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
http://openwall.com/lists/oss-security/2012/02/08/3
http://openwall.com/lists/oss-security/2012/02/09/1
http://secunia.com/advisories/47862	Vendor Advisory
http://svn.apache.org/viewvc?rev=1231605&view=rev	Patch
http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/73096
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
http://openwall.com/lists/oss-security/2012/02/08/3
http://openwall.com/lists/oss-security/2012/02/09/1
http://secunia.com/advisories/47862	Vendor Advisory
http://svn.apache.org/viewvc?rev=1231605&view=rev	Patch
http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/73096

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:portable_runtime::::::::
	cpe:2.3:a:apache:portable_runtime:0.9.1:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.2:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.2-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.3:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.3-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.4:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.5:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.6:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.7:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.7-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.8:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.9:::::::*
	cpe:2.3:a:apache:portable_runtime:0.9.16-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.0:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.1:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.2:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.3:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.4:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.4-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.5:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.6:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.6-dev:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.7:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.8:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.9:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.10:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.11:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.12:::::::*
	cpe:2.3:a:apache:portable_runtime:1.3.13:::::::*
	cpe:2.3:a:apache:portable_runtime:1.4.0:::::::*
	cpe:2.3:a:apache:portable_runtime:1.4.1:::::::*
	cpe:2.3:a:apache:portable_runtime:1.4.2:::::::*
	cpe:2.3:a:apache:portable_runtime:1.4.3:::::::*
	cpe:2.3:a:apache:portable_runtime:1.4.4:::::::*

History

21 Nov 2024, 01:35

Type	Values Removed	Values Added
References	~~() http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E -~~	() http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E -
References	~~() http://openwall.com/lists/oss-security/2012/02/08/3 -~~	() http://openwall.com/lists/oss-security/2012/02/08/3 -
References	~~() http://openwall.com/lists/oss-security/2012/02/09/1 -~~	() http://openwall.com/lists/oss-security/2012/02/09/1 -
References	~~() http://secunia.com/advisories/47862 - Vendor Advisory~~	() http://secunia.com/advisories/47862 - Vendor Advisory
References	~~() http://svn.apache.org/viewvc?rev=1231605&view=rev - Patch~~	() http://svn.apache.org/viewvc?rev=1231605&view=rev - Patch
References	~~() http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html -~~	() http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html -
References	~~() http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html -~~	() http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html -
References	~~() http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html -~~	() http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:019 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:019 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/73096 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/73096 -

Information

Published : 2012-02-10 19:55

Updated : 2024-11-21 01:35

NVD link : CVE-2012-0840

Mitre link : CVE-2012-0840

CVE.ORG link : CVE-2012-0840

JSON object : View

Products Affected

apache

portable_runtime

CWE

CWE-20

Improper Input Validation

5.0 /10