geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Murthy, Avaneesh (Avaneesh)" <amur...@avaya.com>
Subject CVE-2011-5034 Vulnerablity query
Date Mon, 23 Apr 2012 10:59:32 GMT
Hi,

 

I was wondering if you have any suggestions on how to deal with the
vulnerability by changing configuration on the web server.

 

CVE-2011-5034 "Hash values for form parameters computed without
restricting hash collisions causing a denial of service"
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5034

 

Or is there a fix planned in the coming releases of Apache Geronimo jars
?

 

Avaneesh


Mime
View raw message