Lucene search

[email protected]NVD:CVE-2011-4858

HistoryJan 05, 2012 - 7:55 p.m.

CVE-2011-4858

2012-01-0519:55:01

CWE-399

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

AI Score

Confidence

High

0.651 Medium

EPSS

Percentile

97.9%

JSON

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected configurations

NVD

Node

apachetomcatMatch5.5.35

apachetomcatMatch6.0.0

apachetomcatMatch6.0.1

apachetomcatMatch6.0.2

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.21

apachetomcatMatch6.0.22

apachetomcatMatch6.0.23

apachetomcatMatch6.0.24

apachetomcatMatch6.0.25

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.34

apachetomcatMatch7.0.0

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

References

mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

marc.info/?l=bugtraq&m=132871655717248&w=2

marc.info/?l=bugtraq&m=133294394108746&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

rhn.redhat.com/errata/RHSA-2012-0074.html

rhn.redhat.com/errata/RHSA-2012-0075.html

rhn.redhat.com/errata/RHSA-2012-0076.html

rhn.redhat.com/errata/RHSA-2012-0077.html

rhn.redhat.com/errata/RHSA-2012-0078.html

rhn.redhat.com/errata/RHSA-2012-0089.html

rhn.redhat.com/errata/RHSA-2012-0325.html

rhn.redhat.com/errata/RHSA-2012-0406.html

secunia.com/advisories/48549

secunia.com/advisories/48790

secunia.com/advisories/48791

secunia.com/advisories/54971

secunia.com/advisories/55115

tomcat.apache.org/tomcat-7.0-doc/changelog.html

www.debian.org/security/2012/dsa-2401

www.kb.cert.org/vuls/id/903934

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

www.securityfocus.com/bid/51200

bugzilla.redhat.com/show_bug.cgi?id=750521

github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

4.3 Medium

AI Score

Confidence

High

0.651 Medium

EPSS

Percentile

97.9%

JSON

Related for NVD:CVE-2011-4858

cve3 checkpoint_advisories1 github2 prion2 nessus26 cvelist2 openvas23 debiancve2 osv3 centos2 redhat10 oraclelinux2 nvd2 ubuntucve2 ibm5 ubuntu1 seebug1 exploitpack1 exploitdb1 securityvulns2 debian1 gentoo1