VDB

CVE-2011-3414

CVE-2011-3414 PUBLISHED CVSS 7.800000190734863 HIGH

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

EPSS 71.97% · 98.8th percentile

Risk Scores

CVSS 2.0
7.800000190734863
EPSS Score
71.97%
98.8th percentile

Affected Products

VendorProductVersions
microsoftwindows_server_2008r2
microsoftwindows_server_2003
microsoftwindows_vista
microsoftwindows_7
n/an/an/a
microsoftwindows_xpsp3

Exploit Intelligence

…and 5 more exploits

Timeline

  • CVE Published
  • Dec 30, 2011 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • Jul 17, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›