| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability CVE-2012-0840
Apache APR: denial of service via hash collision
Synthesis of the vulnerability
| An attacker could send data generating storage collisions, in order to overload a service. |
Severity: 1/4.
Creation date: 22/02/2012.
Revision date: 24/02/2012.
|
Impacted products
Description of the vulnerability
The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.
This vulnerability could impact APR. Apache indicates that there is no intrinsic vulnerability, and that the algorithm was optimized to mitigate potential hash collisions.
In order to simplify VIGILANCE-VUL-11254, which was too big, solutions for APR were moved here. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Apache APR: denial of service via hash collision.
Keywords: APR Apache collision denial hash service.
Identifiers: BID-51917, CVE-2012-0840, FEDORA-2012-1656, FEDORA-2012-1709, MDVSA-2012:019, VIGILANCE-VUL-11380.
Pointed by: VIGILANCE-VUL-11254.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability note. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.
|
