Unrated severityNVD Advisory· Published Dec 30, 2011· Updated Jun 16, 2026
CVE-2011-3414
CVE-2011-3414
Description
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:sp3:unknown:english:*:*:*:*:*
- Range: 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, 4.0
Patches
Vulnerability mechanics
References
7- www.kb.cert.org/vuls/id/903934nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA11-347A.htmlnvdUS Government Resource
- archives.neohapsis.com/archives/bugtraq/2011-12/0181.htmlnvd
- www.nruns.com/_downloads/advisory28122011.pdfnvd
- www.ocert.org/advisories/ocert-2011-003.htmlnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-100nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14588nvd
News mentions
0No linked articles in our index yet.