ID CVE-2011-4858
Summary Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2015-04-20T04:00:47.813-04:00
class vulnerability
contributors
  • name Ganesh Manal
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
family unix
id oval:org.mitre.oval:def:18886
status accepted
submitted 2013-11-22T11:43:28.000-05:00
title HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
version 48
redhat via4
advisories
  • rhsa
    id RHSA-2012:0074
  • rhsa
    id RHSA-2012:0075
  • rhsa
    id RHSA-2012:0076
  • rhsa
    id RHSA-2012:0077
  • rhsa
    id RHSA-2012:0078
  • rhsa
    id RHSA-2012:0089
  • rhsa
    id RHSA-2012:0325
  • rhsa
    id RHSA-2012:0406
rpms
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el6
  • tomcat5-0:5.5.23-0jpp.31.el5_8
  • tomcat5-admin-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat5-common-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-debuginfo-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-server-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat6-0:6.0.24-36.el6_2
  • tomcat6-admin-webapps-0:6.0.24-36.el6_2
  • tomcat6-docs-webapp-0:6.0.24-36.el6_2
  • tomcat6-el-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-javadoc-0:6.0.24-36.el6_2
  • tomcat6-jsp-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-lib-0:6.0.24-36.el6_2
  • tomcat6-servlet-2.5-api-0:6.0.24-36.el6_2
  • tomcat6-webapps-0:6.0.24-36.el6_2
  • tomcat5-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-admin-webapps-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-admin-webapps-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-common-lib-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-common-lib-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-eclipse-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-eclipse-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jsp-2.0-api-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jsp-2.0-api-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-parent-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-parent-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-server-lib-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-server-lib-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-servlet-2.4-api-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-servlet-2.4-api-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-webapps-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-webapps-0:5.5.33-28_patch_07.ep5.el6
  • tomcat6-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-admin-webapps-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-admin-webapps-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-docs-webapp-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-docs-webapp-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-el-1.0-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-el-1.0-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-javadoc-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-javadoc-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-jsp-2.1-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-jsp-2.1-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-lib-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-lib-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-log4j-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-log4j-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-servlet-2.5-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-servlet-2.5-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-webapps-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-webapps-0:6.0.32-24_patch_07.ep5.el6
refmap via4
bid 51200
cert-vn VU#903934
confirm
debian DSA-2401
hp
  • HPSBMU02747
  • HPSBUX02741
  • HPSBUX02860
  • SSRT100728
  • SSRT100771
  • SSRT101146
misc
mlist [announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability
secunia
  • 48549
  • 48790
  • 48791
  • 54971
  • 55115
Last major update 09-01-2018 - 02:29
Published 05-01-2012 - 19:55
Last modified 09-01-2018 - 02:29
Back to Top