Bug 1810460 (CVE-2012-0785)

Summary: CVE-2012-0785 jenkins: hash collision allows remote attackers to cause a considerable CPU load resulting in Hash DoS
Product: [Other] Security Response
Reporter: Michael Kaplan <mkaplan>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: extras-orphan, java-sig-commits, mizdebsk, msrb
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: jenkins 1.447
Doc Type: If docs needed, set a value
Doc Text: A flaw was found in jenkins. A hash collision attack could allow remote attackers to cause a considerable CPU load. The highest threat from this vulnerability is to system availability.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-10-28 05:24:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Michael Kaplan 2020-03-05 10:12:54 UTC
Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

Upstream advisory: 

https://jenkins.io/security/advisory/2012-01-12/