CVE-2011-5034

MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

Apache Geronimo v2.2.1 y anteriores calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. NOTA: este podría superponerse CVE-2011-4461.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-07-15 First Exploit
2011-12-29 CVE Reserved
2011-12-30 CVE Published
2024-06-29 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (23)

URL	Tag	Source
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html	Mailing List
http://secunia.com/advisories/47412	Third Party Advisory
http://www.kb.cert.org/vuls/id/903934	Third Party Advisory
http://www.nruns.com/_downloads/advisory28122011.pdf	X_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html	X_refsource_misc
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py	X_refsource_misc
https://lists.apache.org/thread.html/r20957aa5962a48328f199e2373f408aeeae601a45dd5275a195e2b6e%40%3Cjava-dev.axis.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r360b70489bad65286b49ceb5303a849d2a7ec7d1292774a7259579e1%40%3Cissues.karaf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r3c541f019b74902e8e61d73e40ecc2837dfce1b744ad5546919b993c%40%3Cissues.karaf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r4fe6b5ff1d48e23337304fd5ac983d89328aecbd1fa198cfc966fbd7%40%3Cdev.geronimo.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r653f633aa7b6ccbb8c338dbfcea7a00e4ae9d6f3e064a03cab8dc20d%40%3Cjava-dev.axis.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r67747af92035942c9c413bd8394acbb8a1ace5833c0177014c825bc2%40%3Cissues.karaf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r8dc1a0ae0e0cf9d2494b8cbd66562f99331c4cf635e7781850a9b9ba%40%3Cjava-dev.axis.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ra10015f6f3c3c88b7d813383554e87c06347fe163487148669189b8e%40%3Cdev.geronimo.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/ra1fe29f6399b68980f914d8613dee7f67d62a1a97722fe9cd56f4f5f%40%3Cdev.geronimo.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb0e85243d7268f1d7a1edb5e6c7df885dbd300acabaaf4cb0e880518%40%3Cissues.karaf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdd67ea3e489134f653349fc2cb09828ac8462aa61dd776b505a3297a%40%3Cissues.karaf.apache.org%3E	Mailing List
http://ocert.org/advisories/ocert-2011-003.html
https://web.archive.org/web/20120105151644/http://www.nruns.com/_downloads/advisory28122011.pdf
https://fahrplan.events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
https://fahrplan.events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
https://www.youtube.com/watch?v=R2Cq3CLI6H8

URL	Date	SRC
https://www.exploit-db.com/exploits/2012	2006-07-15

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				<= 2.2.1 Search vendor "Apache" for product "Geronimo" and version " <= 2.2.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				1.0 Search vendor "Apache" for product "Geronimo" and version "1.0"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				1.1 Search vendor "Apache" for product "Geronimo" and version "1.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				1.1.1 Search vendor "Apache" for product "Geronimo" and version "1.1.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				1.2 Search vendor "Apache" for product "Geronimo" and version "1.2"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.0.1 Search vendor "Apache" for product "Geronimo" and version "2.0.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.0.2 Search vendor "Apache" for product "Geronimo" and version "2.0.2"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1 Search vendor "Apache" for product "Geronimo" and version "2.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.1 Search vendor "Apache" for product "Geronimo" and version "2.1.1"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.2 Search vendor "Apache" for product "Geronimo" and version "2.1.2"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.3 Search vendor "Apache" for product "Geronimo" and version "2.1.3"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.4 Search vendor "Apache" for product "Geronimo" and version "2.1.4"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.5 Search vendor "Apache" for product "Geronimo" and version "2.1.5"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.6 Search vendor "Apache" for product "Geronimo" and version "2.1.6"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.7 Search vendor "Apache" for product "Geronimo" and version "2.1.7"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.1.8 Search vendor "Apache" for product "Geronimo" and version "2.1.8"		-		Affected
Apache Search vendor "Apache"		Geronimo Search vendor "Apache" for product "Geronimo"				2.2 Search vendor "Apache" for product "Geronimo" and version "2.2"		-		Affected