5
CVE-2011-4885
- EPSS 83.91%
- Veröffentlicht 30.12.2011 01:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 83.91% | 0.997 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://secunia.com/advisories/48668
http://www.debian.org/security/2012/dsa-2399
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.redhat.com/support/errata/RHSA-2012-0019.html
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://secunia.com/advisories/47404
http://svn.php.net/viewvc?view=revision&revision=321003
http://svn.php.net/viewvc?view=revision&revision=321040
http://www.exploit-db.com/exploits/18296
http://www.exploit-db.com/exploits/18305
http://www.securityfocus.com/bid/51193
http://www.securitytracker.com/id?1026473
https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py