{ "threat_severity" : "Low", "public_date" : "2011-12-28T00:00:00Z", "bugzilla" : { "description" : "jetty: hash table collisions CPU usage DoS (oCERT-2011-003)", "id" : "781677", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=781677" }, "cvss" : { "cvss_base_score" : "5.0", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status" : "verified" }, "details" : [ "Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters." ], "statement" : "The Red Hat Security Response Team has rated this issue as having Low security impact for the jetty-eclipse package in Red Hat Enterprise Linux 6. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "acknowledgement" : "Red Hat would like to thank oCERT for reporting this issue.", "affected_release" : [ { "product_name" : "Fuse ESB Enterprise 7.1.0", "release_date" : "2012-12-21T00:00:00Z", "advisory" : "RHSA-2012:1604", "cpe" : "cpe:/a:redhat:fuse_esb_enterprise:7.1.0" }, { "product_name" : "Fuse Management Console 7.1.0", "release_date" : "2012-12-21T00:00:00Z", "advisory" : "RHSA-2012:1606", "cpe" : "cpe:/a:redhat:fuse_management_console:7.1.0" }, { "product_name" : "Fuse MQ Enterprise 7.1.0", "release_date" : "2012-12-21T00:00:00Z", "advisory" : "RHSA-2012:1605", "cpe" : "cpe:/a:redhat:fuse_mq_enterprise:7.1.0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "jetty-eclipse", "cpe" : "cpe:/o:redhat:enterprise_linux:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-4461\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4461" ], "name" : "CVE-2011-4461", "csaw" : false }