Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: J-Web vulnerable to hash table collision attacks (JSA10522) (CVE-2011-3414)

Back to Search

Juniper Junos OS: J-Web vulnerable to hash table collision attacks (JSA10522) (CVE-2011-3414)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
12/29/2011
Created
07/25/2018
Added
05/07/2014
Modified
09/29/2014

Description

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Solution(s)

  • juniper-junos-os-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;