5

CVE-2011-4885

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version <= 5.3.8
PhpPhp Version5.0.0
PhpPhp Version5.0.0 Updatebeta1
PhpPhp Version5.0.0 Updatebeta2
PhpPhp Version5.0.0 Updatebeta3
PhpPhp Version5.0.0 Updatebeta4
PhpPhp Version5.0.0 Updaterc1
PhpPhp Version5.0.0 Updaterc2
PhpPhp Version5.0.0 Updaterc3
PhpPhp Version5.0.1
PhpPhp Version5.0.2
PhpPhp Version5.0.3
PhpPhp Version5.0.4
PhpPhp Version5.0.5
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.3
PhpPhp Version5.1.4
PhpPhp Version5.1.5
PhpPhp Version5.1.6
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
PhpPhp Version5.2.5
PhpPhp Version5.2.6
PhpPhp Version5.2.7
PhpPhp Version5.2.8
PhpPhp Version5.2.9
PhpPhp Version5.2.10
PhpPhp Version5.2.11
PhpPhp Version5.2.12
PhpPhp Version5.2.14
PhpPhp Version5.2.15
PhpPhp Version5.2.16
PhpPhp Version5.2.17
PhpPhp Version5.3.0
PhpPhp Version5.3.1
PhpPhp Version5.3.2
PhpPhp Version5.3.3
PhpPhp Version5.3.4
PhpPhp Version5.3.5
PhpPhp Version5.3.6
PhpPhp Version5.3.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 83.91% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://secunia.com/advisories/48668
http://www.debian.org/security/2012/dsa-2399
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.redhat.com/support/errata/RHSA-2012-0019.html
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.kb.cert.org/vuls/id/903934
US Government Resource
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://secunia.com/advisories/47404
http://svn.php.net/viewvc?view=revision&revision=321003
http://svn.php.net/viewvc?view=revision&revision=321040
http://www.exploit-db.com/exploits/18296
http://www.exploit-db.com/exploits/18305
http://www.securityfocus.com/bid/51193
http://www.securitytracker.com/id?1026473
https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py