CVE-2011-4461

Priority
Medium
Description
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters
without restricting the ability to trigger hash collisions predictably,
which allows remote attackers to cause a denial of service (CPU
consumption) by sending many crafted parameters.
References
Notes
mdeslaur> in main in lucid, maverick, natty only
Assigned-to
mdeslaur
Package
Source: jetty (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 10.04 LTS (Lucid Lynx): released (6.1.22-1ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (6.1.24-6ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (6.1.26-1ubuntu1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (6.1.26-1ubuntu1)
Patches:
Upstream: https://github.com/eclipse/jetty.project/commit/085c79d7d6cfbccc02821ffdb64968593df3e0bf

Updated: 2014-08-13 19:14:12 UTC (commit 8369)