CVE-2012-1035

AdaCore Ada Web Services < 2.10.2 - Denial of Service via Hash Collision in Form Parameters

Title source: llm
STIX 2.1

Description

AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

References (4)

Core 4
Core References
Various Sources x_refsource_misc
http://www.nruns.com/_downloads/advisory28122011.pdf
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html
Various Sources x_refsource_misc
http://www.ocert.org/advisories/ocert-2011-003.html

Scores

EPSS 0.0155
EPSS Percentile 72.2%

Details

CWE
CWE-20
Status published
Products (2)
adacore/ada_web_services 2.10.0
adacore/ada_web_services < 2.10.1
Published Feb 08, 2012
Tracked Since Feb 18, 2026