CVE-2012-0785
HIGHJenkins < 1.447 - Uncontrolled Resource Consumption via Hash Collision Attack
Title source: llmDescription
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
References (5)
Core 5
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/20/8
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2012-0785
Broken Link x_refsource_misc
https://access.redhat.com/security/cve/cve-2012-0785
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2012-01-12/
Third Party Advisory x_refsource_confirm
https://www.cloudbees.com/jenkins-security-advisory-2012-01-12
Scores
CVSS v3
7.5
EPSS
0.0187
EPSS Percentile
83.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (4)
cloudbees/jenkins
1.400.0 - 1.400.0.11
jenkins/jenkins
< 1.424.2
jenkins/jenkins
< 1.447
org.jenkins-ci.main/jenkins-core
1.425 - 1.447Maven
Published
Feb 24, 2020
Tracked Since
Feb 18, 2026