https://bugzilla.redhat.com/show_bug.cgi?id=1810460
Bug ID: 1810460 Summary: CVE-2012-0785 jenkins: hash collision allow remote attackers to cause a considerable CPU load resulting in Hash DoS Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: mkaplan@redhat.com CC: extras-orphan@fedoraproject.org, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, msrb@redhat.com Target Milestone: --- Classification: Other
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."
Upstream advisory:
https://jenkins.io/security/advisory/2012-01-12/
https://bugzilla.redhat.com/show_bug.cgi?id=1810460
--- Doc Text *updated* by Eric Christensen sparks@redhat.com --- A flaw was found in jenkins. A hash collision attack could allow remote attackers to cause a considerable CPU load. The highest threat from this vulnerability is to system availability.
java-sig-commits@lists.fedoraproject.org