ID:3726 - Exploit for Input validation error - CVE-2012-0840
Published: August 4, 2020
Vulnerability identifier: #VU33122
Vulnerability risk: Medium
CVE-ID: CVE-2012-0840
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Link to public exploit:
Vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Remediation
Install update from vendor's website.