CVE-2012-0193 Information

Description

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43 6.1 before 6.1.0.43 7.0 before 7.0.0.23 and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Reference

http://osvdb.org/78321 http://www-01.ibm.com/support/docview.wss?uid=swg1PM53930 http://www-01.ibm.com/support/docview.wss?uid=swg21577532 http://www-01.ibm.com/support/docview.wss?uid=swg24031821