CVE-2011-4461
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
30/12/2011
Last modified:
11/04/2025
Description
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:sun_storage_common_array_manager:6.9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:*:rc2:*:*:*:*:*:* | 8.1.0 (including) | |
| cpe:2.3:a:mortbay:jetty:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:1.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:2.0:alpha1:*:*:*:*:*:* | ||
| cpe:2.3:a:mortbay:jetty:2.0:alpha2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://marc.info/?l=bugtraq&m=143387688830075&w=2
- http://secunia.com/advisories/47408
- http://secunia.com/advisories/48981
- http://www.kb.cert.org/vuls/id/903934
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.securitytracker.com/id?1026475=
- http://www.ubuntu.com/usn/USN-1429-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72017
- https://security.netapp.com/advisory/ntap-20190307-0004/
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://marc.info/?l=bugtraq&m=143387688830075&w=2
- http://secunia.com/advisories/47408
- http://secunia.com/advisories/48981
- http://www.kb.cert.org/vuls/id/903934
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.securitytracker.com/id?1026475=
- http://www.ubuntu.com/usn/USN-1429-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72017
- https://security.netapp.com/advisory/ntap-20190307-0004/