Products & Services

Home

Home Networking

Home Networking

Wireless for everyone:
Get connected now

umi telepresence

umi telepresence

The new way to
be together.

Flip Video

Flip Video

Meet the Flip family:
Life now has a play button

More for Home

 Support How to Buy

For Home

Cisco Home Products Store
Products for everyone

Flip Video Store
Meet the Flip Family:
Life now has a play button

For Business

All Ordering Options

 Training & Events Partners

Find a Partner

Cisco Partners help you find the right solution for your Business

Become a Partner

Enhance your company's value-add, expertise and opportunities

Small Business Partners

Log in to get sales resources.

Already a Partner?

Log in for resources.

Register as a New User

Visit Partner Central or My Cisco Workspace
Guest

Security Activity Bulletin

Multiple Products Hash Collisions Denial of Service Vulnerability

 
Threat Type:IntelliShield: Applied Mitigation Bulletin
IntelliShield ID:24871
Version:16
First Published:2012 January 04 18:42 GMT
Last Published:2013 February 01 15:56 GMT
Port: Not Available
CVE:CVE-2012-0193 , CVE-2012-0841 , CVE-2011-4461 , CVE-2011-4815 , CVE-2011-4885
BugTraq ID:51193 , 51198 , 51199
Urgency: Unlikely Use
Credibility: Confirmed
Severity: Mild Damage
 
Version Summary:Red Hat has released an additional security advisory and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.
 

Description
 
Multiple products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an implementation flaw in the code responsible for handling the hashing functionality in the affected products. A hash table provides the data structure to store user-supplied input using a mathematical property in an effort to minimize the overhead to access a given record. A good hashing function ensures uniqueness of each entry while calculating the location for a set of inputs. However, most implementations do not include mechanisms such as randomized hash functions. As a result, the function could fail to identify occurrences of hash collisions for multiple string patterns.

An unauthenticated, remote attacker could exploit the vulnerability by submitting malicious HTTP POST requests that contain a sequence of string patterns that could generate similar hash keys to a vulnerable application. Processing these requests could introduce multiple hash collisions, and the algorithmic complexity for adding an item into the hash table could increase significantly. The increased complexity could consume excessive system resources, leading to a DoS condition on the system.

The following products are vulnerable:
  • Apache Tomcat versions prior to 5.5.35, 6.0.35, and 7.0.23
  • Microsoft .NET Framework versions 1.1 SP1 and prior, versions 2.0 SP2 and prior, versions 3.5 SP1 and prior, and version 4
  • Jetty versions 8.1.0.RC2 and prior
  • Libxml2 versions 2.7.8 and prior
  • Oracle GlassFish versions 3.1.1 and prior
  • PHP versions 5.3.8 and prior
  • Ruby versions 1.8.7-p352 and prior
Apache has confirmed the vulnerability in the svn repository. Reports indicate patches are under development and will be released soon.

Microsoft has released a security bulletin at the following link: MS11-100. Microsoft customers can obtain updates directly by using the links in the security bulletin. These updates are also distributed by Windows automatic update features and available on the Windows Update website. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.

Oracle has released a security advisory at the following link: CVE-2011-4815. Oracle has released patches for registered users at the following link: Solaris 11 11/11 SRU 6.6.

Ruby has released a security announcement at the following link: Denial of service attack was found for Ruby's Hash algorithm (CVE-2011-4815). Ruby has released updated software at the following link: Ruby 1.8.7-p357

Apple has released a security advisory at the following link: HT5281. Apple has released updated software at the following links:

OS X Lion Update 10.7.4 (Client)
OS X Lion Update 10.7.4 (Server)

CentOS packages can be updated using the up2date or yum command.

FreeBSD has released VuXML documents at the following links: php -- multiple vulnerabilities and Multiple implementations denial-of-service via hash algorithm collision. FreeBSD releases ports collection updates at the following link: Ports Collection Index

HP has released security bulletins c03127140, c03281867, and c03360041 at the following links: HPSBMU02736 SSRT100699, HPSBOV02763 SSRT100826, and HPSBMU02786 SSRT100877. HP users are advised to follow the mitigation steps in the vendor advisory.

HP has released updated software at the following links:

OpenVMS
CSWS_PHP Version 2.2-1

HP System Management Homepage 7.1.1 for Windows x64
HP System Management Homepage 7.1.1 for Windows x86
HP System Management Homepage 7.1.1 for Linux (AMD64/EM64T)
HP System Management Homepage 7.1.1 for Linux (x86)

IBM has released security bulletins at the following links: swg24031821 and swg21577532. IBM has released fixes at the following link: IBM WebSphere Application Server

Red Hat has released security advisories at the following links: RHSA-2012:0019, RHSA-2012-0033, RHSA-2012:0069, RHSA-2012:0070, RHSA-2012:0071, RHSA-2012:0324, RHSA-2012:1604, RHSA-2012:1605, RHSA-2012:1606, and RHSA-2013:0217. Red Hat packages can be updated using the up2date or yum command.

Red Hat has released updated packages for registered users at the following links:

Fuse ESB Enterprise 7.1.0 update
Fuse MQ Enterprise 7.1.0 update
Fuse Management Console 7.1.0 update

VMware has released security advisories at the following links: VMSA-2012-0012 and VMSA-2012-0013. VMware has released updated software at the following links:

ESXi 5.0
ESXi500-201207101-SG

ESX 4.1
ESX410-201208102-SG

VMware has notified customers that updated patches are pending for ESXi versions 4.1 and prior.
 
Alert History
 
Version 15, December 21, 2012, 6:20 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability.

Version 14, September 4, 2012, 2:15 PM: VMware has released an additional security advisory and updated patches to address the hash collisions denial of service vulnerability found in multiple products.

Version 13, July 17, 2012, 11:35 AM: VMware has released a security advisory and updated patches to address the hash collisions denial of service vulnerability found in multiple products.

Version 12, June 29, 2012, 9:23 AM: HP has released an additional security bulletin and updated software to address the hash collisions denial of service vulnerability found in multiple products.

Version 11, May 10, 2012, 10:10 AM: Apple has released a security advisory and updated software to address the multiple products hash collisions denial of service vulnerability.

Version 10, April 20, 2012, 11:45 AM: Oracle has released a security advisory and patches to address multiple products hash collisions denial of service vulnerability.

Version 9, April 17, 2012, 1:58 PM: HP has released an additional security bulletin and updated software to address multiple products hash collisions denial of service vulnerability.

Version 8, February 24, 2012, 10:54 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 7, February 7, 2012, 10:34 AM: HP has released a security bulletin to address the multiple products hash collisions denial of service vulnerability.

Version 6, January 31, 2012, 10:54 AM: Red Hat has released additional security advisories and updated packages to address multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 5, January 23, 2012, 3:11 PM: IBM has released a flash alert and fixes to address the multiple products hash collisions denial of service vulnerability.

Version 4, January 19, 2012, 1:51 PM: Red Hat has released an additional security advisory and updated packages to address the multiple products hash collisions denial of service vulnerability. CentOS has also released updated packages to address this vulnerability.

Version 3, January 17, 2012, 6:08 PM: FreeBSD has released an additional VuXML document and updated ports collection to address the multiple products hash collisions denial of service vulnerability.

Version 2, January 12, 2012, 11:26 AM: FreeBSD has released a VuXML document and updated ports collection to address the multiple products hash collisions denial of service vulnerability. Red Hat and CentOS have also released a security advisory and updated packages to address this vulnerability.

Version 1, January 4, 2012, 1:42 PM: Multiple products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. Updates are available.

Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Microsoft, Inc..NET Framework1.0 Base, SP1, SP2, SP3 | 2.0 Base, SP1, SP2 | 3.5 Base, SP1 | 4.0 Base
Mort Bay ConsultingJetty6.1 .1, .10, .11, .12, .13, .14, .15, .16, .2, .3, .4, .5, .6, .7, .8, .9, Base | 7 Base
phpphp5.3.0 Base | 5.3.1 Base | 5.3.2 Base | 5.3.3 Base | 5.3.4 Base | 5.3.5 Base | 5.3.6 Base | 5.3.7 Base | 5.3.8 Base
Sun Microsystems, Inc.Sun GlassFish Enterprise Sever3.0 .1, Base | 3.1 .1, Base
The Jakarta ProjectTomcat Java Server5.5.0 Base | 5.5.1 Base | 5.5.10 Base | 5.5.11 Base | 5.5.12 Base | 5.5.13 Base | 5.5.14 Base | 5.5.15 Base | 5.5.16 Base | 5.5.17 Base | 5.5.18 Base | 5.5.19 Base | 5.5.2 Base | 5.5.20 Base | 5.5.21 Base | 5.5.22 Base | 5.5.23 Base | 5.5.24 Base | 5.5.25 Base | 5.5.26 Base | 5.5.27 Base | 5.5.28 Base | 5.5.29 Base | 5.5.3 Base | 5.5.30 Base | 5.5.31 Base | 5.5.32 Base | 5.5.33 Base | 5.5.34 Base | 5.5.4 Base | 5.5.5 Base | 5.5.6 Base | 5.5.7 Base | 5.5.8 Base | 5.5.9 Base | 6.0.0 Base | 6.0.1 Base | 6.0.10 Base | 6.0.11 Base | 6.0.12 Base | 6.0.13 Base | 6.0.14 Base | 6.0.15 Base | 6.0.16 Base | 6.0.18 Base | 6.0.19 Base | 6.0.2 Base | 6.0.20 Base | 6.0.21 Base | 6.0.22 Base | 6.0.23 Base | 6.0.24 Base | 6.0.25 Base | 6.0.26 Base | 6.0.27 Base | 6.0.28 Base | 6.0.29 Base | 6.0.3 Base | 6.0.30 Base | 6.0.31 Base | 6.0.32 Base | 6.0.33 Base | 6.0.34 Base | 6.0.4 Base | 6.0.5 Base | 6.0.6 Base | 6.0.7 Base | 6.0.8 Base | 6.0.9 Base | 6.1.0 Base | 7.0 .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .21, .22, .3, .4, .5, .6, .7, .8, .9, Base
xmlsoft.orglibxml22.5 .1, .10, .11, .2, .3, .4, .5, .6, .7, .8, .9 | 2.6 .0, .1, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .2, .20, .21, .22, .23, .24, .25, .26, .27, .28, .29, .3, .30, .31, .32, .4, .5, .6, .7, .8, .9 | 2.7 .0, .1, .2, .3, .4, .5, .6, .7, .8
Yukihiro MatsumotoRuby1.8 .6-p398, .6-p420, .7, .7 -p352, .7-p160, .7-p17, .7-p21, .7-p22, .7-p248, .7-p249, .7-p299, .7-p302, .7-p330, .7-p334, .7-p71, .7-p72

Associated Products:
AppleMac OS X10.7 Base | 10.7.1 Base | 10.7.2 Base | 10.7.3 Base
AppleMac OS X Server10.7 Base | 10.7.1 Base | 10.7.2 Base | 10.7.3 Base
CentOS ProjectCentOS4 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64, .3 i386, .3 x86_64, .4 i386, .4 x86_64, .5 i386, .5 x86_64, .6 i386, .6 x86_64, .7 i386, .7 x86_64 | 5 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64, .3 i386, .3 x86_64, .4 i386, .4 x86_64, .5 i386, .5 x86_64 | 6 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64
FreeBSD ProjectFreeBSD6.3 Base | 6.4 Base | 7.0 Base | 7.1 Base | 7.2 Base | 7.3 Base | 7.4 Base | 8.0 Base | 8.1 Base | 8.2 Base | 9.0 Base
HPBusiness Availability Center8.0 Base | 8.01 Base | 8.02 Base | 8.03 Base | 8.04 Base | 8.05 Base | 8.06 Base | 8.07 Base
HPBusiness Service Management9.00 Base | 9.01 Base | 9.10 Base | 9.11 Base | 9.12 Base
HPSecure Web Server (SWS) for OpenVMS Alpha2.1 -1 | 2.20 Base
HPSecure Web Server (SWS) for OpenVMS Itanium2.1 -1 | 2.20 Base
HPSystem Management Homepage (SMH)6.0.0 Base | 6.1 Base | 6.2 Base | 7.0 Base | 7.1 Base
IBMWebSphere Application Server6.0 .0.2, .0.3, .1, .1.1, .1.2, .2, .2.1, .2.11, .2.13, .2.15, .2.17, .2.18, .2.19, .2.2, .2.20, .2.21, .2.23, .2.25, .2.27, .2.29, .2.3, .2.31, .2.33, .2.34, .2.35, .2.37, .2.38, .2.39, .2.4, .2.40, .2.41, .2.42, .2.5, .2.6, .2.7, .2.8, .2.9, Base | 6.1 .0, .0.1, .0.10, .0.11, .0.12, .0.13, .0.14, .0.15, .0.17, .0.19, .0.2, .0.21, .0.23, .0.25, .0.28, .0.29, .0.3, .0.30, .0.31, .0.33, .0.35, .0.37, .0.39, .0.4, .0.40, .0.41, .0.5, .0.6, .0.7, .0.8, .0.9 | 7.0 .0.0, .0.1, .0.10, .0.11, .0.13, .0.15, .0.17, .0.18, .0.19, .0.3, .0.5, .0.6, .0.7, .0.8, .0.9 | 8.0 Base
Oracle CorporationSolaris Express11 2010.11
Red Hat, Inc.Fuse ESB Enterprise7.0 .2, Base
Red Hat, Inc.Fuse Management Console1.0 .2, Base
Red Hat, Inc.Fuse MQ Enterprise7.0 .2, Base
Red Hat, Inc.Red Hat Desktop4 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux5 IA-32, IA-64, PPC, ppc64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Advanced Server4 IA-32, IA-64, PPC, ppc64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Desktop5 IA-32, x86_64 | 6 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Desktop Workstation5 IA-32, x86-64
Red Hat, Inc.Red Hat Enterprise Linux Enterprise Server4 IA-32, IA-64, x86_64
Red Hat, Inc.Red Hat Enterprise Linux HPC Node6 x86_64
Red Hat, Inc.Red Hat Enterprise Linux Server6 IA-32, PPC, PPC 64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Server AUS6.2 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Server EUS6.2.z IA-32, PPC, PPC64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Workstation4 IA-32, IA-64, x86_64 | 6 IA-32, x86_64
VMware, Inc.VMware ESXi3.5 Base, Update 1, Update 2, Update 3, Update 4 | 4.0 Base | 4.1 Base | 5.0 Base
VMware, Inc.VMware ESX Server4.0 Base | 4.1 Base



Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment. Cisco is pleased to offer a free trial of the service. To register for full access, please visit the IntelliShield trial registration page.
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield

Related Links

Solutions

Products & Services