CVE Reference: CVE-2011-4858

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2011-4858

Description:
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA48790
  Secunia Advisory: SA48791
  Secunia Advisory: SA54971
  Secunia Advisory: SA55115

REDHAT
  http://rhn.redhat.com/errata/RHSA-2012-0075.html
  http://rhn.redhat.com/errata/RHSA-2012-0076.html
  http://rhn.redhat.com/errata/RHSA-2012-0074.html
  http://rhn.redhat.com/errata/RHSA-2012-0406.html
  http://rhn.redhat.com/errata/RHSA-2012-0089.html
  http://rhn.redhat.com/errata/RHSA-2012-0077.html
  http://rhn.redhat.com/errata/RHSA-2012-0078.html
  http://rhn.redhat.com/errata/RHSA-2012-0325.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18886

MLIST
  http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e

MISC
  http://www.nruns.com/_downloads/advisory28122011.pdf
  http://www.ocert.org/advisories/ocert-2011-003.html

HP
  http://marc.info/?l=bugtraq&m=136485229118404&w=2
  http://marc.info/?l=bugtraq&m=132871655717248&w=2

DEBIAN
  http://www.debian.org/security/2012/dsa-2401

CONFIRM
  http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

CERT-VN
  903934


Return to the previous page.