Vulnerability Details : CVE-2011-3414
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Vulnerability category: Denial of service
Products affected by CVE-2011-3414
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3414
- EPSS score: 96.27% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-3414
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2011-3414
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3414
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.kb.cert.org/vuls/id/903934
  VU#903934 - Hash table implementations vulnerable to algorithmic complexity attacks (US Government Resource)
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://www.ocert.org/advisories/ocert-2011-003.html
  oCERT archive
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
  Microsoft Security Bulletin MS11-100 - Critical | Microsoft Docs
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588
  Repository / Oval Repository
- http://www.us-cert.gov/cas/techalerts/TA11-347A.html
  Microsoft Updates for Multiple Vulnerabilities | CISA (US Government Resource)