Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2011-4858
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| Software | From | Fixed in |
|---|---|---|
| apache / tomcat | 6.0.33 | 6.0.33.x |
| apache / tomcat | 7.0.12 | 7.0.12.x |
| apache / tomcat | 6.0.6 | 6.0.6.x |
| apache / tomcat | 7.0.20 | 7.0.20.x |
| apache / tomcat | 6.0.11 | 6.0.11.x |
| apache / tomcat | 6.0.34 | 6.0.34.x |
| apache / tomcat | 7.0.8 | 7.0.8.x |
| apache / tomcat | 7.0.1 | 7.0.1.x |
| apache / tomcat | 7.0.2 | 7.0.2.x |
| apache / tomcat | 7.0.5 | 7.0.5.x |
| apache / tomcat | 6.0.22 | 6.0.22.x |
| apache / tomcat | 6.0.25 | 6.0.25.x |
| apache / tomcat | 6.0.7 | 6.0.7.x |
| apache / tomcat | 6.0.4 | 6.0.4.x |
| apache / tomcat | 7.0.22 | 7.0.22.x |
| apache / tomcat | 5.5.35 | 5.5.35.x |
| apache / tomcat | 6.0.15 | 6.0.15.x |
| apache / tomcat | 7.0.0 | 7.0.0.x |
| apache / tomcat | 7.0.6 | 7.0.6.x |
| apache / tomcat | 7.0.18 | 7.0.18.x |
| apache / tomcat | 6.0.20 | 6.0.20.x |
| apache / tomcat | 7.0.14 | 7.0.14.x |
| apache / tomcat | 6.0.21 | 6.0.21.x |
| apache / tomcat | 6.0.10 | 6.0.10.x |
| apache / tomcat | 6.0.31 | 6.0.31.x |
| apache / tomcat | 6.0.29 | 6.0.29.x |
| apache / tomcat | 7.0.11 | 7.0.11.x |
| apache / tomcat | 6.0.3 | 6.0.3.x |
| apache / tomcat | 6.0.9 | 6.0.9.x |
| apache / tomcat | 6.0.24 | 6.0.24.x |
| apache / tomcat | 6.0.23 | 6.0.23.x |
| apache / tomcat | 6.0.17 | 6.0.17.x |
| apache / tomcat | 7.0.7 | 7.0.7.x |
| apache / tomcat | 6.0.32 | 6.0.32.x |
| apache / tomcat | 6.0.28 | 6.0.28.x |
| apache / tomcat | 6.0.0 | 6.0.0.x |
| apache / tomcat | 7.0.13 | 7.0.13.x |
| apache / tomcat | 6.0.14 | 6.0.14.x |
| apache / tomcat | 7.0.15 | 7.0.15.x |
| apache / tomcat | 7.0.19 | 7.0.19.x |
| apache / tomcat | 7.0.16 | 7.0.16.x |
| apache / tomcat | 7.0.10 | 7.0.10.x |
| apache / tomcat | 6.0.1 | 6.0.1.x |
| apache / tomcat | 6.0.12 | 6.0.12.x |
| apache / tomcat | 6.0.18 | 6.0.18.x |
| apache / tomcat | 6.0.5 | 6.0.5.x |
| apache / tomcat | 7.0.21 | 7.0.21.x |
| apache / tomcat | 7.0.17 | 7.0.17.x |
| apache / tomcat | 6.0.30 | 6.0.30.x |
| apache / tomcat | 6.0.2 | 6.0.2.x |
| apache / tomcat | 7.0.9 | 7.0.9.x |
| apache / tomcat | 6.0.13 | 6.0.13.x |
| apache / tomcat | 7.0.4 | 7.0.4.x |
| apache / tomcat | 7.0.3 | 7.0.3.x |
| apache / tomcat | 6.0.26 | 6.0.26.x |
| apache / tomcat | 6.0.19 | 6.0.19.x |
| apache / tomcat | 6.0.27 | 6.0.27.x |
| apache / tomcat | 6.0.16 | 6.0.16.x |
| apache / tomcat | 6.0.8 | 6.0.8.x |
org.apache.tomcat / tomcat
|
5.5.0 | 5.5.35 |
|
org.apache.tomcat / tomcat
|
6.0.0 | 6.0.35 |
|
org.apache.tomcat / tomcat
|
7.0.0 | 7.0.23 |
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%[email protected]%3e
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
- http://marc.info/?l=bugtraq&m=132871655717248&w=2
- http://marc.info/?l=bugtraq&m=133294394108746&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0074.html
- http://rhn.redhat.com/errata/RHSA-2012-0075.html
- http://rhn.redhat.com/errata/RHSA-2012-0076.html
- http://rhn.redhat.com/errata/RHSA-2012-0077.html
- http://rhn.redhat.com/errata/RHSA-2012-0078.html
- http://rhn.redhat.com/errata/RHSA-2012-0089.html
- http://rhn.redhat.com/errata/RHSA-2012-0325.html
- http://rhn.redhat.com/errata/RHSA-2012-0406.html
- http://secunia.com/advisories/48549
- http://secunia.com/advisories/48790
- http://secunia.com/advisories/48791
- http://secunia.com/advisories/54971
- http://secunia.com/advisories/55115
- http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- http://www.debian.org/security/2012/dsa-2401
- http://www.kb.cert.org/vuls/id/903934
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.securityfocus.com/bid/51200
- https://bugzilla.redhat.com/show_bug.cgi?id=750521
- https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886