CVE-2011-3414

The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Published: Dec 30, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3414
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
microsoft / windows_vista	-	-
microsoft / windows_server_2008	-	-
microsoft / windows_server_2008	r2	r2.x
microsoft / windows_xp	sp3-unknown	sp3-unknown.x
microsoft / windows_7	--sp1	--sp1.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_xp	-	-
microsoft / windows_server_2003	-	-
microsoft / windows_vista	--sp2	--sp2.x

Vulnerability Database

290,206

CVE-2011-3414