5

CVE-2011-4858

EPSS 72.16%
Veröffentlicht 05.01.2012 19:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 29

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version5.5.35

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.17

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.19

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.21

Apache ≫ Tomcat Version6.0.22

Apache ≫ Tomcat Version6.0.23

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.25

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.27

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version6.0.30

Apache ≫ Tomcat Version6.0.31

Apache ≫ Tomcat Version6.0.32

Apache ≫ Tomcat Version6.0.33

Apache ≫ Tomcat Version6.0.34

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.13

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.15

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.17

Apache ≫ Tomcat Version7.0.18

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.16%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://www.debian.org/security/2012/dsa-2401

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://www.kb.cert.org/vuls/id/903934

US Government Resource

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://rhn.redhat.com/errata/RHSA-2012-0089.html

http://rhn.redhat.com/errata/RHSA-2012-0406.html

http://secunia.com/advisories/48549

http://secunia.com/advisories/48790

http://secunia.com/advisories/48791

http://secunia.com/advisories/54971

http://secunia.com/advisories/55115

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

http://www.securityfocus.com/bid/51200

https://bugzilla.redhat.com/show_bug.cgi?id=750521

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

https://nvd.nist.gov/vuln/detail/CVE-2011-4858

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4858

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4858

EUVD