Description

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Remediation

References

CVE-2013-7040

Related Vulnerabilities

WordPress Plugin Click to Copy Grab Box Multiple Cross-Site Scripting Vulnerabilities (0.1.1)

WordPress Plugin WpGenius Job Listing Cross-Site Scripting (1.0.2)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16222)

WordPress Plugin NEX-Forms-Ultimate Form builder SQL Injection (3.0)

WordPress Plugin More Fields Cross-Site Request Forgery (2.1)

Severity

Medium

Classification

CVE-2013-7040

Tags

Missing Update Known Vulnerabilities