CVE-2011-5034: Input Validation
Published Dec 30, 2011
·Updated
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
Affected Software
19 affected componentsFixes available
maven/org.apache.geronimo:geronimo<2.2.1
2.2.1
Apache Geronimo=2.1.5
Apache Geronimo=2.1.8
Apache Geronimo=1.0
Apache Geronimo=2.1.2
Apache Geronimo=2.1.6
Apache Geronimo=1.1
Apache Geronimo=2.2
Apache Geronimo=2.1.1
Apache Geronimo=1.1.1
Apache Geronimo=2.1
Apache Geronimo=2.1.3
Apache Geronimo=1.2
Apache Geronimo=2.1.4
Apache Geronimo<=2.2.1
Apache Geronimo=2.0.1
Apache Geronimo=2.0.2
Apache Geronimo=2.1.7
IBM QRadar SIEM<=7.5 - 7.5.0 UP12 IF03
Event History
Dec 30, 2011
CVE Published
via MITRE·01:00 AM
Data Sourced
via MITRE·01:00 AM
Description
May 13, 2022
Advisory Published
via GitHub·01:07 AM
Aug 1, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2011-5034?
CVE-2011-5034 has a medium severity rating due to its potential for denial of service.
2
How do I fix CVE-2011-5034?
To fix CVE-2011-5034, upgrade Apache Geronimo to version 2.2.2 or later.
3
What types of attacks does CVE-2011-5034 allow?
CVE-2011-5034 allows remote attackers to conduct denial of service attacks through crafted parameters.
4
Which versions of Apache Geronimo are affected by CVE-2011-5034?
CVE-2011-5034 affects Apache Geronimo versions 2.2.1 and earlier.
5
Is CVE-2011-5034 related to any other vulnerabilities?
Yes, CVE-2011-5034 might overlap with CVE-2011-4461 due to similar issues regarding hash collisions.