Lucene search

[email protected]NVD:CVE-2011-4885

HistoryDec 30, 2011 - 1:55 a.m.

CVE-2011-4885

2011-12-3001:55:01

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.875

Percentile

98.7%

JSON

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected configurations

Nvd

Node

phpphpRange≤5.3.8

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.4

phpphpMatch5.2.5

phpphpMatch5.2.6

phpphpMatch5.2.7

phpphpMatch5.2.8

phpphpMatch5.2.9

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.14

phpphpMatch5.2.15

phpphpMatch5.2.16

phpphpMatch5.2.17

phpphpMatch5.3.0

phpphpMatch5.3.1

phpphpMatch5.3.2

phpphpMatch5.3.3

phpphpMatch5.3.4

phpphpMatch5.3.5

phpphpMatch5.3.6

phpphpMatch5.3.7

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
phpphp5.0.1cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:::::::*
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta1::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta2::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta3::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:beta4::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc1::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc2::::::
php	php	5.0.0	cpe:2.3:a:php:php:5.0.0:rc3::::::
php	php	5.0.1	cpe:2.3:a:php:php:5.0.1:::::::*