CVE-2012-0840

Published: 10/02/2012 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

tables/apr_hash.c in the Apache Portable Runtime (APR) library up to and including 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Product

apache portable runtime 1.3.6-dev

apache portable runtime 1.3.7

apache portable runtime 0.9.7-dev

apache portable runtime 1.3.3

apache portable runtime 0.9.6

apache portable runtime 0.9.16-dev

apache portable runtime 0.9.8

apache portable runtime 1.3.1

apache portable runtime 1.3.2

apache portable runtime 1.3.9

apache portable runtime 1.3.4

apache portable runtime 1.3.10

apache portable runtime 0.9.4

apache portable runtime 1.4.3

apache portable runtime 1.4.4

apache portable runtime 1.4.1

apache portable runtime 0.9.3

apache portable runtime 0.9.1

apache portable runtime

apache portable runtime 0.9.5

apache portable runtime 1.3.8

apache portable runtime 1.4.0

apache portable runtime 1.3.13

apache portable runtime 1.3.11

apache portable runtime 0.9.7

apache portable runtime 0.9.2-dev

apache portable runtime 0.9.2

apache portable runtime 1.3.6

apache portable runtime 1.3.12

apache portable runtime 1.4.2

apache portable runtime 0.9.9

apache portable runtime 1.3.5

apache portable runtime 0.9.3-dev

apache portable runtime 1.3.4-dev

apache portable runtime 1.3.0

Vendor Advisories

Debian Bug report logs - #655435: libapr1: apr_hash vulnerable to oCert-2011-003 style DOS attacks. Package: libapr1; Maintainer for libapr1 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for libapr1 is src:apr. Reported by: John Lightsey <lightsey@debian.org> Date: Wed, 11 J ...

Exploits

source: www.securityfocus.com/bid/51917/info

Apache APR is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.

github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/36669.zip ...