New Search

Collisions in HashTable May Cause DoS Vulnerability

oval:org.mitre.oval:def:14588

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1 2.0 SP2 3.5 SP1 3.5.1 and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters aka "Collisions in HashTable May Cause DoS Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows 7
  • Microsoft Windows Vista
Class:
vulnerability
Reference(s):
  • CVE-2011-3414
Product(s):
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4