Detections
Analytics
CVE-2011-4858
medium
Description
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
https://bugzilla.redhat.com/show_bug.cgi?id=750521
http://www.securityfocus.com/bid/51200
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.kb.cert.org/vuls/id/903934
http://www.debian.org/security/2012/dsa-2401
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://secunia.com/advisories/55115
http://secunia.com/advisories/54971
http://secunia.com/advisories/48791
http://secunia.com/advisories/48790
http://secunia.com/advisories/48549
http://rhn.redhat.com/errata/RHSA-2012-0406.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=133294394108746&w=2