CVE-2012-1035 (GCVE-0-2012-1035)
Vulnerability from cvelistv5 – Published: 2012-02-08 21:00 – Updated: 2024-09-16 19:04
VLAI
EPSS
VEX
Summary
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.nruns.com/_downloads/advisory28122011.pdf | x_refsource_MISC |
| http://www.adacore.com/2012/01/27/security-adviso… | x_refsource_CONFIRM |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.ocert.org/advisories/ocert-2011-003.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/"
},
{
"name": "20120127 AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-08T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/"
},
{
"name": "20120127 AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
"refsource": "MISC",
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"name": "http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/",
"refsource": "CONFIRM",
"url": "http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/"
},
{
"name": "20120127 AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2011-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1035",
"datePublished": "2012-02-08T21:00:00.000Z",
"dateReserved": "2012-02-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:04:31.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2012-1035",
"date": "2026-07-16",
"epss": "0.01552",
"percentile": "0.72318"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adacore:ada_web_services:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.10.1\", \"matchCriteriaId\": \"598460C2-D697-4BDC-A4D2-4436B7B7F29B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adacore:ada_web_services:2.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A9A8BFA-F826-48B3-952B-D547A68F4861\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.\"}, {\"lang\": \"es\", \"value\": \"AdaCore Ada Web Services (AWS), antes de v2.10.2 calcula los valores hash de los par\\u00e1metros de los formularios que podr\\u00edan generar colisiones, lo que permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (consumo de CPU) mediante el env\\u00edo de muchos par\\u00e1metros manipulados.\"}]",
"id": "CVE-2012-1035",
"lastModified": "2024-11-21T01:36:14.917",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-02-08T21:55:01.640",
"references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.nruns.com/_downloads/advisory28122011.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2011-003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.nruns.com/_downloads/advisory28122011.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ocert.org/advisories/ocert-2011-003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-1035\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-02-08T21:55:01.640\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.\"},{\"lang\":\"es\",\"value\":\"AdaCore Ada Web Services (AWS), antes de v2.10.2 calcula los valores hash de los par\u00e1metros de los formularios que podr\u00edan generar colisiones, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante el env\u00edo de muchos par\u00e1metros manipulados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adacore:ada_web_services:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.10.1\",\"matchCriteriaId\":\"598460C2-D697-4BDC-A4D2-4436B7B7F29B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adacore:ada_web_services:2.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A9A8BFA-F826-48B3-952B-D547A68F4861\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.nruns.com/_downloads/advisory28122011.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2011-003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.nruns.com/_downloads/advisory28122011.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2011-003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…