Search Results (Refine Search)
- CPE Product Version: cpe:/a:apache:geronimo:1.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-5034 |
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. Published: December 29, 2011; 8:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2006-0254 |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Published: January 17, 2006; 8:51:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |