Novell Home

CVE-2011-4461

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-4461 at MITRE

Description

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entries: 739121, 739124

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.4
  • jetty5 >= 5.1.14-11.12.1
  • jetty5-demo >= 5.1.14-11.12.1
  • jetty5-javadoc >= 5.1.14-11.12.1
  • jetty5-manual >= 5.1.14-11.12.1

© 2014 Novell