CVE-2011-4858
Vulnerability from cvelistv5
Published
2012-01-05 19:00
Modified
2024-08-07 00:16
Severity ?
Summary
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
cve@mitre.orghttp://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
cve@mitre.orghttp://marc.info/?l=bugtraq&m=132871655717248&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=133294394108746&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=136485229118404&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0074.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0075.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0076.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0077.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0078.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0089.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0325.html
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0406.html
cve@mitre.orghttp://secunia.com/advisories/48549
cve@mitre.orghttp://secunia.com/advisories/48790
cve@mitre.orghttp://secunia.com/advisories/48791
cve@mitre.orghttp://secunia.com/advisories/54971
cve@mitre.orghttp://secunia.com/advisories/55115
cve@mitre.orghttp://tomcat.apache.org/tomcat-7.0-doc/changelog.html
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2401
cve@mitre.orghttp://www.kb.cert.org/vuls/id/903934US Government Resource
cve@mitre.orghttp://www.nruns.com/_downloads/advisory28122011.pdf
cve@mitre.orghttp://www.ocert.org/advisories/ocert-2011-003.html
cve@mitre.orghttp://www.securityfocus.com/bid/51200
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=750521
cve@mitre.orghttps://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
          },
          {
            "name": "DSA-2401",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
          },
          {
            "name": "RHSA-2012:0325",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
          },
          {
            "name": "HPSBUX02860",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "RHSA-2012:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
          },
          {
            "name": "51200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
          },
          {
            "name": "48791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48791"
          },
          {
            "name": "oval:org.mitre.oval:def:18886",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "name": "RHSA-2012:0075",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
          },
          {
            "name": "RHSA-2012:0074",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
          },
          {
            "name": "48549",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48549"
          },
          {
            "name": "RHSA-2012:0089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
          },
          {
            "name": "54971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54971"
          },
          {
            "name": "48790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48790"
          },
          {
            "name": "55115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55115"
          },
          {
            "name": "VU#903934",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/903934"
          },
          {
            "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
          },
          {
            "name": "SSRT100771",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT100728",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0406",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
          },
          {
            "name": "HPSBMU02747",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT101146",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "HPSBUX02741",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0076",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
          },
          {
            "name": "RHSA-2012:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
        },
        {
          "name": "DSA-2401",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
        },
        {
          "name": "RHSA-2012:0325",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
        },
        {
          "name": "HPSBUX02860",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "RHSA-2012:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
        },
        {
          "name": "51200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
        },
        {
          "name": "48791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48791"
        },
        {
          "name": "oval:org.mitre.oval:def:18886",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
        },
        {
          "name": "RHSA-2012:0075",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
        },
        {
          "name": "RHSA-2012:0074",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
        },
        {
          "name": "48549",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48549"
        },
        {
          "name": "RHSA-2012:0089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
        },
        {
          "name": "54971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54971"
        },
        {
          "name": "48790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48790"
        },
        {
          "name": "55115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55115"
        },
        {
          "name": "VU#903934",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/903934"
        },
        {
          "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
        },
        {
          "name": "SSRT100771",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
        },
        {
          "name": "SSRT100728",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
        },
        {
          "name": "RHSA-2012:0406",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
        },
        {
          "name": "HPSBMU02747",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
        },
        {
          "name": "SSRT101146",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "HPSBUX02741",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
        },
        {
          "name": "RHSA-2012:0076",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
        },
        {
          "name": "RHSA-2012:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4858",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
              "refsource": "MISC",
              "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
            },
            {
              "name": "DSA-2401",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2401"
            },
            {
              "name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
              "refsource": "MISC",
              "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
            },
            {
              "name": "RHSA-2012:0325",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "RHSA-2012:0078",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
            },
            {
              "name": "51200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51200"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750521",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
            },
            {
              "name": "48791",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48791"
            },
            {
              "name": "oval:org.mitre.oval:def:18886",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
            },
            {
              "name": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
            },
            {
              "name": "RHSA-2012:0075",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
            },
            {
              "name": "RHSA-2012:0074",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
            },
            {
              "name": "48549",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48549"
            },
            {
              "name": "RHSA-2012:0089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
            },
            {
              "name": "54971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54971"
            },
            {
              "name": "48790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48790"
            },
            {
              "name": "55115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55115"
            },
            {
              "name": "VU#903934",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/903934"
            },
            {
              "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"
            },
            {
              "name": "SSRT100771",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
            },
            {
              "name": "SSRT100728",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
            },
            {
              "name": "RHSA-2012:0406",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
            },
            {
              "name": "HPSBMU02747",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
            },
            {
              "name": "SSRT101146",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "HPSBUX02741",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
            },
            {
              "name": "RHSA-2012:0076",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
            },
            {
              "name": "RHSA-2012:0077",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2011-003.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4858",
    "datePublished": "2012-01-05T19:00:00",
    "dateReserved": "2011-12-16T00:00:00",
    "dateUpdated": "2024-08-07T00:16:35.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-4858\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-01-05T19:55:01.033\",\"lastModified\":\"2023-11-07T02:09:38.600\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat antes de v5.5.35, v6.x antes de v6.0.35 y v7.x antes de v7.0.23 calcula los valores hash de los par\u00e1metros de los formularios, sin restringir la capacidad de desencadenar colisiones de hash de forma  predecible. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por consumo de CPU) mediante el env\u00edo de gran cantidad de par\u00e1metros especialmente modificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2757803-A75D-4B98-8473-8B5C53F4D2B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0682A754-5E5E-48D4-836A-16841FD59445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A8F2DFC-6A74-43AB-A813-957A1F7097A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"277332E0-60D9-4318-A068-901F3B037FA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"759588B8-DD36-474E-978B-75638962E743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A61429EE-4331-430C-9830-58DCCBCBCB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2949EC36-0056-43F0-93EC-681EAC22B112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05346F5A-FB52-4376-AAC7-9A5308216545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24AA431-C436-4AA5-85DF-B9AAFF2548FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F4CBAC-27B1-4EFF-955A-A63B457D0578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD55B338-9DBE-4643-ABED-A08964D3AF7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"}]}]}],\"references\":[{\"url\":\"http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0074.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0075.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0076.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0077.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0078.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0089.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0325.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0406.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48549\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48790\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48791\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/54971\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/55115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://tomcat.apache.org/tomcat-7.0-doc/changelog.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2401\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/903934\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.nruns.com/_downloads/advisory28122011.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ocert.org/advisories/ocert-2011-003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/51200\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=750521\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.