Vulnerability Details : CVE-2011-3414
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-3414
Probability of exploitation activity in the next 30 days: 96.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-3414
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2011-3414
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3414
-
http://www.nruns.com/_downloads/advisory28122011.pdf
Best 7 Best Internet Security Software in 2019
-
http://www.kb.cert.org/vuls/id/903934
VU#903934 - Hash table implementations vulnerable to algorithmic complexity attacksUS Government Resource
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
-
http://www.ocert.org/advisories/ocert-2011-003.html
oCERT archive
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
Microsoft Security Bulletin MS11-100 - Critical | Microsoft Docs
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588
Repository / Oval Repository
-
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
Products affected by CVE-2011-3414
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*