CVE-2012-1035

NONE EPSS 72.1%
Published Feb 8, 201214y ago · Modified Jun 16, 20262w ago
Find Similar
Published Feb 8, 2012 14y ago
Last Modified Jun 16, 2026 2w ago

Description

AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Threat Intelligence

EPSS Exploit Probability
72.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 2

VendorProductVersionRange
adacoreada_web_services* ≤2.10.1
adacoreada_web_services2.10.0any

References 4

  • archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html
  • adacore.com http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/
    Vendor Advisory
  • nruns.com http://www.nruns.com/_downloads/advisory28122011.pdf
  • ocert.org http://www.ocert.org/advisories/ocert-2011-003.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.