Lucene search
Veracode Vulnerability DatabaseVERACODE:10847HistoryJan 15, 2019 - 8:52 a.m.
Hash Collision Attack
2019-01-1508:52:54
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.001
Percentile
50.4%
The SBLIM CIM Client is susceptible to hash collision attack. Since it uses HashMap to parse XML inputs, it allows the attacker to predict hashes and input malicious CIM-XML message from a WBEM (Web-Based Enterprise Management) server, causing high CPU consumption.
References
lists.opensuse.org/opensuse-updates/2012-12/msg00015.html
lists.opensuse.org/opensuse-updates/2013-01/msg00038.html
rhn.redhat.com/errata/RHSA-2012-0987.html
sblim.cvs.sourceforge.net/viewvc/sblim/jsr48-client/src/org/sblim/cimclient/internal/cimxml/sax/NodeFactory.java?view=log#rev1.7
sourceforge.net/p/sblim/bugs/2381/
access.redhat.com/security/updates/classification/#low
rhn.redhat.com/errata/RHSA-2012-0987.html
Related
centos
centos
sblim security update
2012-07-10 17:30:24
cvelist
cvelist
CVE-2012-2328
2014-02-10 17:00:00
cve
cve
CVE-2012-2328
2014-02-10 18:15:09
nvd
nvd
CVE-2012-2328
2014-02-10 18:15:09
openvas
openvas
RedHat Update for sblim-cim-client2 RHSA-2012:0987-04
2012-06-22 00:00:00
RedHat Update for sblim-cim-client2 RHSA-2012:0987-04
2012-06-22 00:00:00
CentOS Update for sblim-cim-client2 CESA-2012:0987 centos6
2012-07-30 00:00:00
nessus
nessus
CentOS 6 : sblim-cim-client2 (CESA-2012:0987)
2012-07-11 00:00:00
Scientific Linux Security Update : sblim-cim-client2 on SL6.x (20120620)
2012-08-01 00:00:00
openSUSE Security Update : sblim-cim-client2 (openSUSE-SU-2012:1621-1)
2014-06-13 00:00:00
redhat
redhat
(RHSA-2012:0987) Low: sblim-cim-client2 security update
2012-06-20 00:00:00
oraclelinux
oraclelinux
sblim-cim-client2 security update
2012-06-27 00:00:00
prion
prion
Code injection
2014-02-10 18:15:00
