CVE-2011-3414
First published: Fri Dec 30 2011(Updated: )
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | ||
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3-unknown | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.kb.cert.org/vuls/id/903934
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
- http://www.us-cert.gov/cas/techalerts/TA11-347A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100
Frequently Asked Questions
What is the severity of CVE-2011-3414?
CVE-2011-3414 has been rated as a medium severity vulnerability due to its potential impact on application security.
How do I fix CVE-2011-3414?
To fix CVE-2011-3414, upgrade to a later version of Microsoft .NET Framework that addresses the hash collision vulnerability.
What systems are affected by CVE-2011-3414?
CVE-2011-3414 affects various versions of Microsoft Windows, specifically Windows 7, Windows Vista, Windows XP, and Windows Server editions.
What are the potential impacts of exploiting CVE-2011-3414?
Exploitation of CVE-2011-3414 could allow an attacker to execute denial-of-service attacks or potentially exploit the system to manipulate data processing.
Is there a workaround for CVE-2011-3414 if I cannot update my software?
A temporary workaround for CVE-2011-3414 may involve altering application configurations to limit or mitigate possible hash collision scenarios.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/author
- vendor/microsoft
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3-unknown