fkie_cve-2012-0840
Vulnerability from fkie_nvd
Published
2012-02-10 19:55
Modified
2024-11-21 01:35
Severity ?
Summary
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "849790FC-5A29-4D0F-91B7-875CE3E11C3A",
"versionEndIncluding": "1.4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC9B4C4-ABC3-4306-A207-41E43B1BE20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "802A56B5-E4CC-49ED-A5EF-7F1BECBA2811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "86D62910-DF77-4DA5-B2E0-9C645DE21FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55CEAFE5-CD77-48C4-8B5E-A4FA173D5590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "18A3B6CD-8D8A-47F1-8021-3779F3882E4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4C28F7-946E-4A8A-8D02-1166EE14E891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "280DCE6C-A529-4B61-80E4-D0C66D1FA709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8ECEA4AB-80B3-4E4D-A634-6A37E0C7A1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "57DE26CB-8B98-4ADE-A9A5-8DC3020D03FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "7686BB5B-9DD3-43DF-8852-2721D158AC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A13FE2-5580-446F-9963-DB978B97BCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F66FC842-29BD-4889-8436-D4BE271CE0AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "97664E40-9802-4FFE-9AD1-78CE05B82FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB66AD7D-FF60-4320-A8AF-448836E61FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A42AC519-7FB4-4911-BA47-9CC87D0EA874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE38C6B-4042-4A01-9686-8CD38C995C80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "910818CC-6EED-4E78-B85C-51AAC3A945D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8176D3-0632-4D2C-B992-8FE32B023B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1F3F02-BED5-42D6-92D9-AA0A5336F1D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "25BE556A-5036-4CCC-A597-CA1FC1F89B11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99A5A93F-2BD6-4DAE-854F-8CF4FC32C6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "C35911DF-832A-417D-92C4-5DF02E5EC164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F3369-74F6-49D0-94A3-C20603C43B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA090A3B-F678-4078-9B7A-6BF3E88F4F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "13675179-8744-4213-8CDE-7FA0697547B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6B079B-2A7B-4985-B9F2-835DF3FC7600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E877387-C99E-446B-89DE-CFA4C0955F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "880DADBE-8690-4394-B0A6-B9C85D6B7233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B310E26F-1366-416D-A187-3951A8DAE62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D95BF2D-FE8D-400C-8AE7-20E027AA7C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E9EE541-4A74-4C9E-8ECC-7E5FAD3FE339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E66B5B1B-C79B-4510-96E5-4A9A8611C317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B3BC84CE-DEFF-4118-834D-403340717C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:portable_runtime:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5A391F-01C7-4A09-99A8-BFA7334257CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."
},
{
"lang": "es",
"value": "tables/apr_hash.c en la librer\u00eda Apache Portable Runtime (APR) hasta v1.4.5 procesa las colisiones Hash de forma predecible, lo que permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una entrada manipulada sobre una aplicaci\u00f3n que mantiene una tabla hash."
}
],
"id": "CVE-2012-0840",
"lastModified": "2024-11-21T01:35:49.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-10T19:55:02.407",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2012/02/08/3"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2012/02/09/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47862"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?rev=1231605\u0026view=rev"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:019"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2012/02/08/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2012/02/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://svn.apache.org/viewvc?rev=1231605\u0026view=rev"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73096"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.