CVE-2011-4885

MEDIUM

Description

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

References

http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=133469208622507&w=2

http://rhn.redhat.com/errata/RHSA-2012-0071.html

http://secunia.com/advisories/47404

http://secunia.com/advisories/48668

http://support.apple.com/kb/HT5281

http://svn.php.net/viewvc?view=revision&revision=321003

http://svn.php.net/viewvc?view=revision&revision=321040

http://www.debian.org/security/2012/dsa-2399

http://www.exploit-db.com/exploits/18296

http://www.exploit-db.com/exploits/18305

http://www.kb.cert.org/vuls/id/903934

http://www.mandriva.com/security/advisories?name=MDVSA-2011:197

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.redhat.com/support/errata/RHSA-2012-0019.html

http://www.securityfocus.com/bid/51193

http://www.securitytracker.com/id?1026473

https://exchange.xforce.ibmcloud.com/vulnerabilities/72021

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

Details

Source: MITRE

Published: 2011-12-30

Updated: 2018-01-09

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*

cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*

cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.3.8 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 78135 | F5 Networks BIG-IP : PHP vulnerability (K13588) | Nessus | F5 Networks Local Security Checks | medium |
| 78134 | F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519) | Nessus | F5 Networks Local Security Checks | critical |
| 74580 | openSUSE Security Update : php5 (openSUSE-SU-2012:0426-1) | Nessus | SuSE Local Security Checks | high |
| 69644 | Amazon Linux AMI : php (ALAS-2012-37) | Nessus | Amazon Linux Local Security Checks | medium |
| 68442 | Oracle Linux 4 : php (ELSA-2012-0071) | Nessus | Oracle Linux Local Security Checks | medium |
| 68432 | Oracle Linux 5 : php (ELSA-2012-0033) | Nessus | Oracle Linux Local Security Checks | high |
| 68431 | Oracle Linux 5 / 6 : php / php53 (ELSA-2012-0019) | Nessus | Oracle Linux Local Security Checks | medium |
| 67087 | CentOS 4 : php (CESA-2012:0071) | Nessus | CentOS Local Security Checks | medium |
| 62236 | GLSA-201209-03 : PHP: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 61227 | Scientific Linux Security Update : php on SL4.x i386/x86_64 (20120130) | Nessus | Scientific Linux Local Security Checks | medium |
| 61220 | Scientific Linux Security Update : php on SL5.x i386/x86_64 (20120118) | Nessus | Scientific Linux Local Security Checks | high |
| 61219 | Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20120111) | Nessus | Scientific Linux Local Security Checks | medium |
| 59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 6482 | Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 59066 | Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 58740 | SuSE 11.1 Security Update : PHP5 (SAT Patch Number 5964) | Nessus | SuSE Local Security Checks | high |
| 58480 | SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8009) | Nessus | SuSE Local Security Checks | high |
| 57954 | Fedora 15 : maniadrive-1.2-32.fc15.2 / php-5.3.10-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.2 (2012-1301) | Nessus | Fedora Local Security Checks | high |
| 57932 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 regression (USN-1358-2) | Nessus | Ubuntu Local Security Checks | high |
| 57888 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1358-1) | Nessus | Ubuntu Local Security Checks | high |
| 57869 | Fedora 16 : maniadrive-1.2-32.fc16.2 / php-5.3.10-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.2 (2012-1262) | Nessus | Fedora Local Security Checks | high |
| 57753 | Debian DSA-2399-2 : php5 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 57748 | RHEL 4 : php (RHSA-2012:0071) | Nessus | Red Hat Local Security Checks | medium |
| 57703 | Fedora 15 : maniadrive-1.2-32.fc15.1 / php-5.3.9-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15.1 (2012-0420) | Nessus | Fedora Local Security Checks | medium |
| 57642 | CentOS 5 : php (CESA-2012:0033) | Nessus | CentOS Local Security Checks | high |
| 57609 | Fedora 16 : maniadrive-1.2-32.fc16.1 / php-5.3.9-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.1 (2012-0504) | Nessus | Fedora Local Security Checks | medium |
| 57594 | RHEL 5 : php (RHSA-2012:0033) | Nessus | Red Hat Local Security Checks | high |
| 801116 | PHP < 5.3.9 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6263 | PHP < 5.3.9 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 57557 | PHP Version 5 Hash Collision Form Parameter Parsing Remote DoS | Nessus | CGI abuses | medium |
| 57537 | PHP < 5.3.9 Multiple Vulnerabilities | Nessus | CGI abuses | high |
| 57494 | RHEL 5 / 6 : php53 and php (RHSA-2012:0019) | Nessus | Red Hat Local Security Checks | medium |
| 57489 | FreeBSD : php -- multiple vulnerabilities (d3921810-3c80-11e1-97e8-00215c6a37bb) | Nessus | FreeBSD Local Security Checks | medium |
| 57488 | CentOS 5 / 6 : php / php53 (CESA-2012:0019) | Nessus | CentOS Local Security Checks | medium |
| 57427 | Mandriva Linux Security Advisory : php (MDVSA-2011:197) | Nessus | Mandriva Local Security Checks | medium |