Vulnerability-Lookup

CVE-2011-4858 (GCVE-0-2011-4858)

Vulnerability from cvelistv5 – Published: 2012-01-05 19:00 – Updated: 2024-08-07 00:16

Summary

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/FireFart/HashCollision-DOS-POC…	x_refsource_MISC
	http://www.debian.org/security/2012/dsa-2401	vendor-advisoryx_refsource_DEBIAN
	http://www.nruns.com/_downloads/advisory28122011.pdf	x_refsource_MISC
	http://rhn.redhat.com/errata/RHSA-2012-0325.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2012-0078.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/51200	vdb-entryx_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=750521	x_refsource_CONFIRM
	http://secunia.com/advisories/48791	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://tomcat.apache.org/tomcat-7.0-doc/changelog.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-0075.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-0074.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/48549	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2012-0089.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/54971	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/48790	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/55115	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/903934	third-party-advisoryx_refsource_CERT-VN
	http://mail-archives.apache.org/mod_mbox/tomcat-a…	mailing-listx_refsource_MLIST
	http://marc.info/?l=bugtraq&m=133294394108746&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=132871655717248&w=2	vendor-advisoryx_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2012-0406.html	vendor-advisoryx_refsource_REDHAT
	http://marc.info/?l=bugtraq&m=133294394108746&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=132871655717248&w=2	vendor-advisoryx_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2012-0076.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2012-0077.html	vendor-advisoryx_refsource_REDHAT
	http://www.ocert.org/advisories/ocert-2011-003.html	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:16:35.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
          },
          {
            "name": "DSA-2401",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2401"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
          },
          {
            "name": "RHSA-2012:0325",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
          },
          {
            "name": "HPSBUX02860",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "RHSA-2012:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
          },
          {
            "name": "51200",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51200"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
          },
          {
            "name": "48791",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48791"
          },
          {
            "name": "oval:org.mitre.oval:def:18886",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "name": "RHSA-2012:0075",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
          },
          {
            "name": "RHSA-2012:0074",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
          },
          {
            "name": "48549",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48549"
          },
          {
            "name": "RHSA-2012:0089",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
          },
          {
            "name": "54971",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54971"
          },
          {
            "name": "48790",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48790"
          },
          {
            "name": "55115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55115"
          },
          {
            "name": "VU#903934",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/903934"
          },
          {
            "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
          },
          {
            "name": "SSRT100771",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT100728",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0406",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
          },
          {
            "name": "HPSBMU02747",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT101146",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "HPSBUX02741",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0076",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
          },
          {
            "name": "RHSA-2012:0077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-12-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
        },
        {
          "name": "DSA-2401",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2401"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
        },
        {
          "name": "RHSA-2012:0325",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
        },
        {
          "name": "HPSBUX02860",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "RHSA-2012:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
        },
        {
          "name": "51200",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51200"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
        },
        {
          "name": "48791",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48791"
        },
        {
          "name": "oval:org.mitre.oval:def:18886",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
        },
        {
          "name": "RHSA-2012:0075",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
        },
        {
          "name": "RHSA-2012:0074",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
        },
        {
          "name": "48549",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48549"
        },
        {
          "name": "RHSA-2012:0089",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
        },
        {
          "name": "54971",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54971"
        },
        {
          "name": "48790",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48790"
        },
        {
          "name": "55115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55115"
        },
        {
          "name": "VU#903934",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/903934"
        },
        {
          "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
        },
        {
          "name": "SSRT100771",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
        },
        {
          "name": "SSRT100728",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
        },
        {
          "name": "RHSA-2012:0406",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
        },
        {
          "name": "HPSBMU02747",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
        },
        {
          "name": "SSRT101146",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "HPSBUX02741",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
        },
        {
          "name": "RHSA-2012:0076",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
        },
        {
          "name": "RHSA-2012:0077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4858",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
              "refsource": "MISC",
              "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
            },
            {
              "name": "DSA-2401",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2401"
            },
            {
              "name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
              "refsource": "MISC",
              "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
            },
            {
              "name": "RHSA-2012:0325",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "RHSA-2012:0078",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
            },
            {
              "name": "51200",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/51200"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750521",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
            },
            {
              "name": "48791",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48791"
            },
            {
              "name": "oval:org.mitre.oval:def:18886",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
            },
            {
              "name": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
            },
            {
              "name": "RHSA-2012:0075",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
            },
            {
              "name": "RHSA-2012:0074",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
            },
            {
              "name": "48549",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48549"
            },
            {
              "name": "RHSA-2012:0089",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
            },
            {
              "name": "54971",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54971"
            },
            {
              "name": "48790",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48790"
            },
            {
              "name": "55115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55115"
            },
            {
              "name": "VU#903934",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/903934"
            },
            {
              "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"
            },
            {
              "name": "SSRT100771",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
            },
            {
              "name": "SSRT100728",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
            },
            {
              "name": "RHSA-2012:0406",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
            },
            {
              "name": "HPSBMU02747",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
            },
            {
              "name": "SSRT101146",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "HPSBUX02741",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
            },
            {
              "name": "RHSA-2012:0076",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
            },
            {
              "name": "RHSA-2012:0077",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2011-003.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-4858",
    "datePublished": "2012-01-05T19:00:00.000Z",
    "dateReserved": "2011-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:16:35.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2011-4858

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-4858

Aliases

CVE-2011-4858

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4858",
    "description": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
    "id": "GSD-2011-4858",
    "references": [
      "https://www.suse.com/security/cve/CVE-2011-4858.html",
      "https://www.debian.org/security/2012/dsa-2401",
      "https://access.redhat.com/errata/RHSA-2012:0682",
      "https://access.redhat.com/errata/RHSA-2012:0681",
      "https://access.redhat.com/errata/RHSA-2012:0680",
      "https://access.redhat.com/errata/RHSA-2012:0679",
      "https://access.redhat.com/errata/RHSA-2012:0475",
      "https://access.redhat.com/errata/RHSA-2012:0474",
      "https://access.redhat.com/errata/RHSA-2012:0406",
      "https://access.redhat.com/errata/RHSA-2012:0325",
      "https://access.redhat.com/errata/RHSA-2012:0091",
      "https://access.redhat.com/errata/RHSA-2012:0089",
      "https://access.redhat.com/errata/RHSA-2012:0078",
      "https://access.redhat.com/errata/RHSA-2012:0077",
      "https://access.redhat.com/errata/RHSA-2012:0076",
      "https://access.redhat.com/errata/RHSA-2012:0075",
      "https://access.redhat.com/errata/RHSA-2012:0074",
      "https://access.redhat.com/errata/RHSA-2012:0041",
      "https://linux.oracle.com/cve/CVE-2011-4858.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4858"
      ],
      "details": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
      "id": "GSD-2011-4858",
      "modified": "2023-12-13T01:19:06.079935Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2011-4858",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
            "refsource": "MISC",
            "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
          },
          {
            "name": "DSA-2401",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2401"
          },
          {
            "name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
            "refsource": "MISC",
            "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
          },
          {
            "name": "RHSA-2012:0325",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
          },
          {
            "name": "HPSBUX02860",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "RHSA-2012:0078",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
          },
          {
            "name": "51200",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/51200"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750521",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
          },
          {
            "name": "48791",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48791"
          },
          {
            "name": "oval:org.mitre.oval:def:18886",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
          },
          {
            "name": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "name": "RHSA-2012:0075",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
          },
          {
            "name": "RHSA-2012:0074",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
          },
          {
            "name": "48549",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48549"
          },
          {
            "name": "RHSA-2012:0089",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
          },
          {
            "name": "54971",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/54971"
          },
          {
            "name": "48790",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48790"
          },
          {
            "name": "55115",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/55115"
          },
          {
            "name": "VU#903934",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/903934"
          },
          {
            "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
            "refsource": "MLIST",
            "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"
          },
          {
            "name": "SSRT100771",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT100728",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0406",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
          },
          {
            "name": "HPSBMU02747",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
          },
          {
            "name": "SSRT101146",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "HPSBUX02741",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
          },
          {
            "name": "RHSA-2012:0076",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
          },
          {
            "name": "RHSA-2012:0077",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
          },
          {
            "name": "http://www.ocert.org/advisories/ocert-2011-003.html",
            "refsource": "MISC",
            "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[5.5.0,5.5.35),[6.0.0,6.0.35),[7.0.0,7.0.23)",
          "affected_versions": "All versions starting from 5.5.0 before 5.5.35, all versions starting from 6.0.0 before 6.0.35, all versions starting from 7.0.0 before 7.0.23",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-399",
            "CWE-937"
          ],
          "date": "2022-07-13",
          "description": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
          "fixed_versions": [
            "5.5.35",
            "6.0.35",
            "7.0.23"
          ],
          "identifier": "CVE-2011-4858",
          "identifiers": [
            "GHSA-wr3m-gw98-mc3j",
            "CVE-2011-4858"
          ],
          "not_impacted": "All versions before 5.5.0, all versions starting from 5.5.35 before 6.0.0, all versions starting from 6.0.35 before 7.0.0, all versions starting from 7.0.23",
          "package_slug": "maven/org.apache.tomcat/tomcat",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to versions 5.5.35, 6.0.35, 7.0.23 or above.",
          "title": "Improper Input Validation in Apache Tomcat",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2011-4858",
            "https://bugzilla.redhat.com/show_bug.cgi?id=750521",
            "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886",
            "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e",
            "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2",
            "http://rhn.redhat.com/errata/RHSA-2012-0074.html",
            "http://rhn.redhat.com/errata/RHSA-2012-0075.html",
            "http://rhn.redhat.com/errata/RHSA-2012-0076.html",
            "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
            "http://www.debian.org/security/2012/dsa-2401",
            "http://www.kb.cert.org/vuls/id/903934",
            "http://www.nruns.com/_downloads/advisory28122011.pdf",
            "http://www.ocert.org/advisories/ocert-2011-003.html",
            "https://github.com/advisories/GHSA-wr3m-gw98-mc3j"
          ],
          "uuid": "d69b48bf-a7d7-4b2d-a08a-90c9708b2e2a"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-4858"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750521",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
            },
            {
              "name": "[announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"
            },
            {
              "name": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
            },
            {
              "name": "VU#903934",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/903934"
            },
            {
              "name": "http://www.nruns.com/_downloads/advisory28122011.pdf",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2011-003.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
            },
            {
              "name": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py",
              "refsource": "MISC",
              "tags": [],
              "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
            },
            {
              "name": "SSRT100728",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
            },
            {
              "name": "DSA-2401",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2401"
            },
            {
              "name": "48791",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48791"
            },
            {
              "name": "48790",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48790"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "54971",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/54971"
            },
            {
              "name": "55115",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/55115"
            },
            {
              "name": "RHSA-2012:0089",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
            },
            {
              "name": "RHSA-2012:0406",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
            },
            {
              "name": "RHSA-2012:0074",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
            },
            {
              "name": "RHSA-2012:0075",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
            },
            {
              "name": "RHSA-2012:0325",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
            },
            {
              "name": "RHSA-2012:0076",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
            },
            {
              "name": "RHSA-2012:0078",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
            },
            {
              "name": "RHSA-2012:0077",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
            },
            {
              "name": "51200",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/51200"
            },
            {
              "name": "oval:org.mitre.oval:def:18886",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
            },
            {
              "name": "48549",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48549"
            },
            {
              "name": "SSRT100771",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-01-09T02:29Z",
      "publishedDate": "2012-01-05T19:55Z"
    }
  }
}

CERTA-2012-AVI-065

Vulnerability from certfr_avis - Published: 2012-02-08 - Updated: 2012-02-08

De multiples vulnérabilités ont été corrigées dans JBoss Operations Network.

Description

Une mise à jour de JBoss Operations Network corrige de multiples vulnérabilités. Les vulnérabilités associées à un numéro CVE sont les suivantes :

CVE-2012-0052 et CVE-2012-0062 : ces vulnérabilités permettent à un utilisateur distant malintentionné de détourner la session d'un agent approuvé et de voler son jeton de sécurité. Ceci permettra à l'attaquant de récupérer des informations sensibles à propos du serveur sur lequel l'agent s'exécute ;
CVE-2011-4858 : cette vulnérabilité permet à un attaquant d'effectuer un déni de service à distance sur le serveur JBoss Web ;
CVE-2011-3206 : cette vulnérabilité concerne de multiples failles XSS dans l'interface d'administration de JBoss Operations Network ;
CVE-2011-4573 : cette vulnérabilité concerne une vérification qui n'est pas effectuée correctement par JBoss Operations Network lorsqu'un utilisateur tente de supprimer une mise à jour de configuration de plugin (plug-in configuration update).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

JBoss Operations Network versions 2.4.1 et inférieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité REDHAT RHSA-2012:0089-1 du 01 février 2012	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2012:0089 du 08 février 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eJBoss Operations Network\u003c/SPAN\u003e versions  2.4.1 et inf\u00e9rieures.\u003c/P\u003e",
  "content": "## Description\n\nUne mise \u00e0 jour de JBoss Operations Network corrige de multiples\nvuln\u00e9rabilit\u00e9s. Les vuln\u00e9rabilit\u00e9s associ\u00e9es \u00e0 un num\u00e9ro CVE sont les\nsuivantes :\n\n-   CVE-2012-0052 et CVE-2012-0062 : ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un\n    utilisateur distant malintentionn\u00e9 de d\u00e9tourner la session d\u0027un\n    agent approuv\u00e9 et de voler son jeton de s\u00e9curit\u00e9. Ceci permettra \u00e0\n    l\u0027attaquant de r\u00e9cup\u00e9rer des informations sensibles \u00e0 propos du\n    serveur sur lequel l\u0027agent s\u0027ex\u00e9cute ;\n-   CVE-2011-4858 : cette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant\n    d\u0027effectuer un d\u00e9ni de service \u00e0 distance sur le serveur JBoss Web ;\n-   CVE-2011-3206 : cette vuln\u00e9rabilit\u00e9 concerne de multiples failles\n    XSS dans l\u0027interface d\u0027administration de JBoss Operations Network ;\n-   CVE-2011-4573 : cette vuln\u00e9rabilit\u00e9 concerne une v\u00e9rification qui\n    n\u0027est pas effectu\u00e9e correctement par JBoss Operations Network\n    lorsqu\u0027un utilisateur tente de supprimer une mise \u00e0 jour de\n    configuration de plugin (plug-in configuration update).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
    },
    {
      "name": "CVE-2011-4573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4573"
    },
    {
      "name": "CVE-2011-3206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3206"
    },
    {
      "name": "CVE-2012-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0052"
    },
    {
      "name": "CVE-2012-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0062"
    }
  ],
  "initial_release_date": "2012-02-08T00:00:00",
  "last_revision_date": "2012-02-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0089 du 08 f\u00e9vrier    2012 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
    }
  ],
  "reference": "CERTA-2012-AVI-065",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eJBoss Operations Network\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans JBoss Operations Network",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 REDHAT RHSA-2012:0089-1 du 01 f\u00e9vrier 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-063

Vulnerability from certfr_avis - Published: 2012-02-08 - Updated: 2012-02-08

Plusieurs vulnérabilités affectant Apache Tomcat Servlet Engine ont été corrigées. Celles-ci permettent à un attaquant de réaliser un déni de service à distance ou de contourner des restrictions d'accès.

Description

Quatre vulnérabilités ont été corrigées. Trois d'entre elles permettent à un attaquant de réaliser un déni de service à distance au moyen de requêtes spécialement conçues (CVE-2011-4858, CVE-2011-4885 et CVE-2012-0022). La quatrième (CVE-2006-7243) permet à un attaquant de placer des fichiers sur le serveur en contournant des restrictions d'accès.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Systèmes HP-UX versions B.11.23 et B.11.31 avec Apache Web Server Suite versions antérieures à 3.21.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03183543 du 6 février 2012	None	vendor-advisory
Bulletin de sécurité HP c03183543 du 06 février 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSyst\u00e8mes HP-UX versions B.11.23 et  B.11.31 avec Apache Web Server Suite versions ant\u00e9rieures \u00e0 3.21.\u003c/p\u003e",
  "content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es. Trois d\u0027entre elles permettent\n\u00e0 un attaquant de r\u00e9aliser un d\u00e9ni de service \u00e0 distance au moyen de\nrequ\u00eates sp\u00e9cialement con\u00e7ues (CVE-2011-4858, CVE-2011-4885 et\nCVE-2012-0022). La quatri\u00e8me (CVE-2006-7243) permet \u00e0 un attaquant de\nplacer des fichiers sur le serveur en contournant des restrictions\nd\u0027acc\u00e8s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
    },
    {
      "name": "CVE-2006-7243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
    },
    {
      "name": "CVE-2012-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0022"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    }
  ],
  "initial_release_date": "2012-02-08T00:00:00",
  "last_revision_date": "2012-02-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03183543 du 06 f\u00e9vrier 2012 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03183543"
    }
  ],
  "reference": "CERTA-2012-AVI-063",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apache Tomcat Servlet Engine ont \u00e9t\u00e9\ncorrig\u00e9es. Celles-ci permettent \u00e0 un attaquant de r\u00e9aliser un d\u00e9ni de\nservice \u00e0 distance ou de contourner des restrictions d\u0027acc\u00e8s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache pour HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03183543 du 6 f\u00e9vrier 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-066

Vulnerability from certfr_avis - Published: 2012-02-08 - Updated: 2012-02-08

Plusieurs vulnérabilités permettant de contourner la politique de sécurité, d'exécuter du code arbitraire ou de réaliser un déni de service à distance ont été corrigées dans JBoss Enterprise Portal Platform.

Description

De multiples vulnérabilités ont été corrigées dans JBoss Enterprise Portal Platform. Ces vulnérabilités peuvent être exploitées pour :

exécuter du code Java arbitraire à distance (CVE-2011-1484) ;
provoquer un déni de service à distance (CVE-2011-4858) ;
effectuer des rejeux de session (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) ;
effectuer des requêtes non authentifiées (CVE-2011-4085) ;
contourner les restrictions d'accès à certains fichiers (CVE-2011-2526).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

JBoss Enterprise Portal Platform 4.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2012-0091	None	vendor-advisory
Bulletin de sécurité RedHat RHSA-2012:0091 du 02 février 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eJBoss Enterprise Portal Platform 4.x.\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans JBoss Enterprise\nPortal Platform. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es pour :\n\n-   ex\u00e9cuter du code Java arbitraire \u00e0 distance (CVE-2011-1484) ;\n-   provoquer un d\u00e9ni de service \u00e0 distance (CVE-2011-4858) ;\n-   effectuer des rejeux de session (CVE-2011-1184, CVE-2011-5062,\n    CVE-2011-5063, CVE-2011-5064) ;\n-   effectuer des requ\u00eates non authentifi\u00e9es (CVE-2011-4085) ;\n-   contourner les restrictions d\u0027acc\u00e8s \u00e0 certains fichiers\n    (CVE-2011-2526).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-5062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5062"
    },
    {
      "name": "CVE-2011-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1484"
    },
    {
      "name": "CVE-2011-4858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
    },
    {
      "name": "CVE-2011-4085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4085"
    },
    {
      "name": "CVE-2011-5063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5063"
    },
    {
      "name": "CVE-2011-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
    },
    {
      "name": "CVE-2011-2526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
    },
    {
      "name": "CVE-2011-5064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5064"
    }
  ],
  "initial_release_date": "2012-02-08T00:00:00",
  "last_revision_date": "2012-02-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0091 du 02 f\u00e9vrier    2012 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0091.html"
    }
  ],
  "reference": "CERTA-2012-AVI-066",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant de contourner la politique de\ns\u00e9curit\u00e9, d\u0027ex\u00e9cuter du code arbitraire ou de r\u00e9aliser un d\u00e9ni de\nservice \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans JBoss Enterprise Portal\nPlatform.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans JBoss Enterprise Platform",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2012-0091",
      "url": null
    }
  ]
}

CERTA-2013-AVI-440

Vulnerability from certfr_avis - Published: 2013-07-29 - Updated: 2013-07-29

De multiples vulnérabilités ont été corrigées dans HP Network Node Manager I. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP Network Node Manager I version 9.1 antérieures au correctif HF-NNMi-9.1xP5-JBoss-20130417
	N/A	N/A	HP Network Node Manager I version 9.0 antérieures au correctif HF-NNMi-9.0xP5-JBoss-20130417

References

Title

Publication Time

Tags

Bulletin de sécurité HP du 24 juillet 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP Network Node Manager I version 9.1 ant\u00e9rieures au correctif HF-NNMi-9.1xP5-JBoss-20130417",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Network Node Manager I version 9.0 ant\u00e9rieures au correctif HF-NNMi-9.0xP5-JBoss-20130417",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2196"
    },
    {
      "name": "CVE-2011-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4605"
    },
    {
      "name": "CVE-2010-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
    },
    {
      "name": "CVE-2011-4858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4858"
    },
    {
      "name": "CVE-2010-0738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
    },
    {
      "name": "CVE-2010-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
    },
    {
      "name": "CVE-2009-3554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3554"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2011-1483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1483"
    }
  ],
  "initial_release_date": "2013-07-29T00:00:00",
  "last_revision_date": "2013-07-29T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-440",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-07-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP Network Node Manager I\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Network Node Manager I",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP du 24 juillet 2013",
      "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583"
    }
  ]
}

GHSA-WR3M-GW98-MC3J

Vulnerability from github – Published: 2022-05-14 03:52 – Updated: 2022-07-13 18:25

Summary

Improper Input Validation in Apache Tomcat

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.35"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.35"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-4858"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T18:25:49Z",
    "nvd_published_at": "2012-01-05T19:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.",
  "id": "GHSA-wr3m-gw98-mc3j",
  "modified": "2022-07-13T18:25:49Z",
  "published": "2022-05-14T03:52:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4858"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2401"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/903934"
    },
    {
      "type": "WEB",
      "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Improper Input Validation in Apache Tomcat"
}

FKIE_CVE-2011-4858

Vulnerability from fkie_nvd - Published: 2012-01-05 19:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
cve@mitre.org	http://marc.info/?l=bugtraq&m=132871655717248&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=133294394108746&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=136485229118404&w=2
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0074.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0075.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0076.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0077.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0078.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0089.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0325.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2012-0406.html
cve@mitre.org	http://secunia.com/advisories/48549
cve@mitre.org	http://secunia.com/advisories/48790
cve@mitre.org	http://secunia.com/advisories/48791
cve@mitre.org	http://secunia.com/advisories/54971
cve@mitre.org	http://secunia.com/advisories/55115
cve@mitre.org	http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
cve@mitre.org	http://www.debian.org/security/2012/dsa-2401
cve@mitre.org	http://www.kb.cert.org/vuls/id/903934	US Government Resource
cve@mitre.org	http://www.nruns.com/_downloads/advisory28122011.pdf
cve@mitre.org	http://www.ocert.org/advisories/ocert-2011-003.html
cve@mitre.org	http://www.securityfocus.com/bid/51200
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=750521
cve@mitre.org	https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
af854a3a-2127-422b-91ae-364da2661108	http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=132871655717248&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133294394108746&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136485229118404&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0074.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0075.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0076.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0077.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0078.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0089.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0325.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0406.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48549
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48790
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48791
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54971
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/55115
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2401
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/903934	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.nruns.com/_downloads/advisory28122011.pdf
af854a3a-2127-422b-91ae-364da2661108	http://www.ocert.org/advisories/ocert-2011-003.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/51200
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=750521
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

Impacted products

Vendor	Product	Version
apache	tomcat	5.5.35
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.8
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.11
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18
apache	tomcat	6.0.19
apache	tomcat	6.0.20
apache	tomcat	6.0.21
apache	tomcat	6.0.22
apache	tomcat	6.0.23
apache	tomcat	6.0.24
apache	tomcat	6.0.25
apache	tomcat	6.0.26
apache	tomcat	6.0.27
apache	tomcat	6.0.28
apache	tomcat	6.0.29
apache	tomcat	6.0.30
apache	tomcat	6.0.31
apache	tomcat	6.0.32
apache	tomcat	6.0.33
apache	tomcat	6.0.34
apache	tomcat	7.0.0
apache	tomcat	7.0.1
apache	tomcat	7.0.2
apache	tomcat	7.0.3
apache	tomcat	7.0.4
apache	tomcat	7.0.5
apache	tomcat	7.0.6
apache	tomcat	7.0.7
apache	tomcat	7.0.8
apache	tomcat	7.0.9
apache	tomcat	7.0.10
apache	tomcat	7.0.11
apache	tomcat	7.0.12
apache	tomcat	7.0.13
apache	tomcat	7.0.14
apache	tomcat	7.0.15
apache	tomcat	7.0.16
apache	tomcat	7.0.17
apache	tomcat	7.0.18
apache	tomcat	7.0.19
apache	tomcat	7.0.20
apache	tomcat	7.0.21
apache	tomcat	7.0.22

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2757803-A75D-4B98-8473-8B5C53F4D2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8461DF95-18DC-4BF5-A703-7F19DA88DC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0682A754-5E5E-48D4-836A-16841FD59445",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8F2DFC-6A74-43AB-A813-957A1F7097A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "277332E0-60D9-4318-A068-901F3B037FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "2823789C-2CB6-4300-94DB-BDBE83ABA8E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "759588B8-DD36-474E-978B-75638962E743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "A61429EE-4331-430C-9830-58DCCBCBCB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B3593F-CEDF-423C-90F8-F88EED87DC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7862B2-E1FA-4E16-92CD-8918AB461D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E03BE3-60CC-4415-B993-D0BB00F87A30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E5E8C3-21AD-4230-B945-AB7DE66307B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "2949EC36-0056-43F0-93EC-681EAC22B112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DD9544-6424-41A6-AEC0-EC19B8A10E71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat antes de v5.5.35, v6.x antes de v6.0.35 y v7.x antes de v7.0.23 calcula los valores hash de los par\u00e1metros de los formularios, sin restringir la capacidad de desencadenar colisiones de hash de forma  predecible. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por consumo de CPU) mediante el env\u00edo de gran cantidad de par\u00e1metros especialmente modificados."
    }
  ],
  "id": "CVE-2011-4858",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-05T19:55:01.033",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48790"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48791"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/54971"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/55115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/903934"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51200"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0074.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0076.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0077.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0325.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/903934"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2011-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-4858 (GCVE-0-2011-4858)

GSD-2011-4858

CERTA-2012-AVI-065

Description

Solution

CERTA-2012-AVI-063

Description

Solution

CERTA-2012-AVI-066

Description

Solution

CERTA-2013-AVI-440

Solution

GHSA-WR3M-GW98-MC3J

FKIE_CVE-2011-4858

Tags

Sightings

Nomenclature