No, There is no class mentioned in the report. Report just says as below Apache activeMQ has these jars and this may lead to hash collisions.
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461. You can see this in below link : https://nvd.nist.gov/vuln/detail/CVE-2011-5034 Here it says solution as replace latest apache geronimo jar but this part of Apache activemq latest version and not using independent jars.How can i fix it.? http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5034 -- Sent from: http://apache-geronimo.328035.n3.nabble.com/Users-f328036.html
