Search for vulnerabilities
Vulnerability details: VCID-mmkw-na1f-aaar
Vulnerability ID VCID-mmkw-na1f-aaar
Aliases CVE-2012-0840
Summary tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0840.html
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01171 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01652 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01652 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01652 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.01652 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.2084 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
epss 0.23194 https://api.first.org/data/v1/epss?cve=CVE-2012-0840
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=781606
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-0840
generic_textual Low http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
generic_textual Low http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
Reference id Reference type URL
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD%40eris.apache.org%3E
http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E
http://openwall.com/lists/oss-security/2012/02/08/3
http://openwall.com/lists/oss-security/2012/02/09/1
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-0840.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0840.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840
http://secunia.com/advisories/47862
https://exchange.xforce.ibmcloud.com/vulnerabilities/73096
http://svn.apache.org/viewvc?rev=1231605&view=rev
http://www.mail-archive.com/dev%40apr.apache.org/msg24439.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24472.html
http://www.mail-archive.com/dev%40apr.apache.org/msg24473.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:019
655435 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655435
781606 https://bugzilla.redhat.com/show_bug.cgi?id=781606
cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:portable_runtime:1.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:1.4.4:*:*:*:*:*:*:*
CVE-2012-0840 https://nvd.nist.gov/vuln/detail/CVE-2012-0840
CVE-2012-0840;OSVDB-78932 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36669.txt
CVE-2012-0840;OSVDB-78932 Exploit https://www.securityfocus.com/bid/51917/info
GLSA-201405-24 https://security.gentoo.org/glsa/201405-24
Data source Exploit-DB
Date added Jan. 5, 2012
Description Apache APR - Hash Collision Denial of Service
Ransomware campaign use Known
Source publication date Jan. 5, 2012
Exploit type dos
Platform linux
Source update date April 9, 2015
Source URL https://www.securityfocus.com/bid/51917/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-0840
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.85436
EPSS Score 0.01171
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.