[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-4858Date: (C)2012-01-05   (M)2023-12-22


Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-48549
SECUNIA-48790
SECUNIA-48791
BID-51200
SECUNIA-54971
SECUNIA-55115
DSA-2401
HPSBUX02860
RHSA-2012:0074
RHSA-2012:0075
RHSA-2012:0076
RHSA-2012:0077
RHSA-2012:0078
RHSA-2012:0089
RHSA-2012:0325
RHSA-2012:0406
SSRT100728
SSRT100771
VU#903934
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://bugzilla.redhat.com/show_bug.cgi?id=750521
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
oval:org.mitre.oval:def:18886

CPE    59
cpe:/a:apache:tomcat:6.0.18
cpe:/a:apache:tomcat:6.0.17
cpe:/a:apache:tomcat:7.0.20
cpe:/a:apache:tomcat:6.0.19
...
CWE    1
CWE-399
OVAL    8
oval:org.secpod.oval:def:700764
oval:org.secpod.oval:def:202309
oval:org.secpod.oval:def:202312
oval:org.secpod.oval:def:600727
...

© SecPod Technologies