FKIE_CVE-2011-4885

Vulnerability from fkie_nvd - Published: 2011-12-30 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2012/May/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=132871655717248&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=133469208622507&w=2
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2012-0071.html
cve@mitre.orghttp://secunia.com/advisories/47404
cve@mitre.orghttp://secunia.com/advisories/48668
cve@mitre.orghttp://support.apple.com/kb/HT5281
cve@mitre.orghttp://svn.php.net/viewvc?view=revision&revision=321003
cve@mitre.orghttp://svn.php.net/viewvc?view=revision&revision=321040
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2399
cve@mitre.orghttp://www.exploit-db.com/exploits/18296
cve@mitre.orghttp://www.exploit-db.com/exploits/18305
cve@mitre.orghttp://www.kb.cert.org/vuls/id/903934US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2011:197
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2013:150
cve@mitre.orghttp://www.nruns.com/_downloads/advisory28122011.pdf
cve@mitre.orghttp://www.ocert.org/advisories/ocert-2011-003.html
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2012-0019.html
cve@mitre.orghttp://www.securityfocus.com/bid/51193
cve@mitre.orghttp://www.securitytracker.com/id?1026473
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/72021
cve@mitre.orghttps://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=132871655717248&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133469208622507&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0071.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47404
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48668
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT5281
af854a3a-2127-422b-91ae-364da2661108http://svn.php.net/viewvc?view=revision&revision=321003
af854a3a-2127-422b-91ae-364da2661108http://svn.php.net/viewvc?view=revision&revision=321040
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2399
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/18296
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/18305
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/903934US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
af854a3a-2127-422b-91ae-364da2661108http://www.nruns.com/_downloads/advisory28122011.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2011-003.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2012-0019.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51193
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026473
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
af854a3a-2127-422b-91ae-364da2661108https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
Impacted products
Vendor Product Version
php php *
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.0
php php 5.0.1
php php 5.0.2
php php 5.0.3
php php 5.0.4
php php 5.0.5
php php 5.1.1
php php 5.1.2
php php 5.1.3
php php 5.1.4
php php 5.1.5
php php 5.1.6
php php 5.2.0
php php 5.2.1
php php 5.2.2
php php 5.2.3
php php 5.2.4
php php 5.2.5
php php 5.2.6
php php 5.2.7
php php 5.2.8
php php 5.2.9
php php 5.2.10
php php 5.2.11
php php 5.2.12
php php 5.2.14
php php 5.2.15
php php 5.2.16
php php 5.2.17
php php 5.3.0
php php 5.3.1
php php 5.3.2
php php 5.3.3
php php 5.3.4
php php 5.3.5
php php 5.3.6
php php 5.3.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C09D791-3577-4B41-821D-C3965FEF8FCC",
              "versionEndIncluding": "5.3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7007E77F-60EF-44D8-9676-15B59DF1325F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "8FC144FA-8F84-44C0-B263-B639FEAD20FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB6CDDD-70D3-4004-BCE0-8C4723076103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782CA26-9C38-40A8-92AE-D47B14D2FCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C0E7E2A-4770-4B68-B74C-5F5A6E1876DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0892C89E-9389-4452-B7E0-981A763CD426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "635F3CB1-B042-43CC-91AB-746098018D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F32DDF-17A3-45B5-9227-833EBEBD3923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CDFB7E9-8510-430F-BFBC-FD811D60DC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79D5336A-14AA-483E-9CBE-A7B53120B925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D48A71-B84E-4B6C-9603-B3373052E568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAB7D55-F155-43F9-A563-F2E35CFFEF26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "72243A3F-6BFD-472B-9EA4-82BE4253ED27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E415CC22-09CA-47D2-9F1A-0BCA8960835B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF4B938-BB14-4C06-BEE9-10CA755C5DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "981C922C-7A7D-473E-8C43-03AB62FB5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0CD11A-09C2-4C60-8F0C-68E55BD6EE63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4933D9DD-A630-4A3D-9D13-9E182F5F6F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E6D530-91FC-42F4-A427-6601238E0187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC938DB-E066-407F-BDF8-61A1C41136F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACDF768D-7F5A-4042-B7DD-398F65F3F094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
    },
    {
      "lang": "es",
      "value": "PHP anterior a v5.3.9 calcula los valores hash de los par\u00e1metros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante el env\u00edo de gran cantidad de par\u00e1metros a mano."
    }
  ],
  "id": "CVE-2011-4885",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-12-30T01:55:01.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/47404"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48668"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321040"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2399"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/18296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/18305"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/903934"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:197"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0019.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51193"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1026473"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72021"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133469208622507\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/47404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.php.net/viewvc?view=revision\u0026revision=321040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/18296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/18305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/903934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2012-0019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.