cpe:/a:apache:portable_runtime:0.9.1 cpe:/a:apache:portable_runtime:0.9.2 cpe:/a:apache:portable_runtime:0.9.2-dev cpe:/a:apache:portable_runtime:0.9.3 cpe:/a:apache:portable_runtime:0.9.3-dev cpe:/a:apache:portable_runtime:0.9.4 cpe:/a:apache:portable_runtime:0.9.5 cpe:/a:apache:portable_runtime:0.9.6 cpe:/a:apache:portable_runtime:0.9.7 cpe:/a:apache:portable_runtime:0.9.7-dev cpe:/a:apache:portable_runtime:0.9.8 cpe:/a:apache:portable_runtime:0.9.9 cpe:/a:apache:portable_runtime:0.9.16-dev cpe:/a:apache:portable_runtime:1.3.0 cpe:/a:apache:portable_runtime:1.3.1 cpe:/a:apache:portable_runtime:1.3.2 cpe:/a:apache:portable_runtime:1.3.3 cpe:/a:apache:portable_runtime:1.3.4 cpe:/a:apache:portable_runtime:1.3.4-dev cpe:/a:apache:portable_runtime:1.3.5 cpe:/a:apache:portable_runtime:1.3.6 cpe:/a:apache:portable_runtime:1.3.6-dev cpe:/a:apache:portable_runtime:1.3.7 cpe:/a:apache:portable_runtime:1.3.8 cpe:/a:apache:portable_runtime:1.3.9 cpe:/a:apache:portable_runtime:1.3.10 cpe:/a:apache:portable_runtime:1.3.11 cpe:/a:apache:portable_runtime:1.3.12 cpe:/a:apache:portable_runtime:1.3.13 cpe:/a:apache:portable_runtime:1.4.0 cpe:/a:apache:portable_runtime:1.4.1 cpe:/a:apache:portable_runtime:1.4.2 cpe:/a:apache:portable_runtime:1.4.3 cpe:/a:apache:portable_runtime:1.4.4 cpe:/a:apache:portable_runtime:1.4.5 CVE-2012-0840 2012-02-10T14:55:02.407-05:00 2017-12-04T21:29:03.420-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2012-02-13T09:24:00.000-05:00 SECUNIA 47862 MANDRIVA MDVSA-2012:019 MLIST [apr-commits] 20120115 svn commit: r1231605 - /apr/apr/trunk/tables/apr_hash.c MLIST [dev] 20120105 Hash collision vectors in APR? MLIST [dev] 20120113 Re: Hash collision vectors in APR? MLIST [dev] 20120114 Re: Hash collision vectors in APR? MLIST [oss-security] 20120208 CVE request: apr - Hash DoS vulnerability MLIST [oss-security] 20120208 Re: CVE request: apr - Hash DoS vulnerability XF apacheapr-hash-dos(73096) CONFIRM http://svn.apache.org/viewvc?rev=1231605&view=rev tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.