Vulnerabilities > CVE-2011-4858 - Resource Management Errors vulnerability in Apache Tomcat

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
CWE-399
nessus
exploit available
metasploit

Summary

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMyBulletinBoard (MyBB). CVE-2006-3775,CVE-2011-4084,CVE-2011-4858,CVE-2011-4885,CVE-2011-5034,CVE-2011-5035. Webapps exploit for php platform
idEDB-ID:2012
last seen2016-01-31
modified2006-07-15
published2006-07-15
reporterrgod
sourcehttps://www.exploit-db.com/download/2012/
titleMyBulletinBoard MyBB <= 1.1.5 - CLIENT-IP SQL Injection Exploit

Metasploit

descriptionThis module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
idMSF:AUXILIARY/DOS/HTTP/HASHCOLLISION_DOS
last seen2020-05-21
modified2017-07-24
published2012-05-13
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/hashcollision_dos.rb
titleHashtable Collisions

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0680.NASL
    descriptionUpdated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133. It also resolves the following security issues : Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application
    last seen2020-06-01
    modified2020-06-02
    plugin id78924
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78924
    titleRHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120411_TOMCAT6_ON_SL6.NASL
    descriptionApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61300
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61300
    titleScientific Linux Security Update : tomcat6 on SL6.x (20120411)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0475.NASL
    descriptionFrom Red Hat Security Advisory 2012:0475 : Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68511
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68511
    titleOracle Linux 6 : tomcat6 (ELSA-2012-0475)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_TOMCAT6-120109.NASL
    descriptionThe apache tomcat was vulnerable to a hash collision attack which allowed remote attackers to mount DoS attacks. CVE-2011-4858 has been assigned to this issue.
    last seen2020-06-05
    modified2014-06-13
    plugin id75764
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75764
    titleopenSUSE Security Update : tomcat6 (openSUSE-SU-2012:0103-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server&rsquo;s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59677
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59677
    titleGLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120411_TOMCAT5_ON_SL5_X.NASL
    descriptionApache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-03-18
    modified2012-08-01
    plugin id61299
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61299
    titleScientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20120411)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0475.NASL
    descriptionUpdated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id58752
    published2012-04-16
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58752
    titleCentOS 6 : tomcat6 (CESA-2012:0475)
  • NASL familyWeb Servers
    NASL idTOMCAT_5_5_35.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.35. It is, therefore, affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2012-01-13
    plugin id57540
    published2012-01-13
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57540
    titleApache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service
  • NASL familyWeb Servers
    NASL idTOMCAT_6_0_35.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities : - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. (CVE-2011-3190) - An information disclosure vulnerability exists. Request information is cached in two objects and these objects are not recycled at the same time. Further requests can obtain sensitive information if certain error conditions occur. (CVE-2011-3375) - Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-03-18
    modified2011-12-12
    plugin id57080
    published2011-12-12
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57080
    titleApache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0474.NASL
    descriptionFrom Red Hat Security Advisory 2012:0474 : Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68510
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68510
    titleOracle Linux 5 : tomcat5 (ELSA-2012-0474)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0682.NASL
    descriptionUpdated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues : Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application
    last seen2020-06-01
    modified2020-06-02
    plugin id78925
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78925
    titleRHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-129.NASL
    descriptionTomcat was vulnerable to a hash collision attack which allowed remote attackers to mount DoS attacks.
    last seen2020-06-05
    modified2014-06-13
    plugin id74554
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74554
    titleopenSUSE Security Update : tomcat6 (openSUSE-2012-129)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_TOMCAT5-7933.NASL
    descriptionThis security update for tomcat5 fixes a vulnerability to a hash collision attack which allows remote attackers to perform denial of service attacks. The issue is tracked as CVE-2011-4858.
    last seen2020-06-05
    modified2012-02-06
    plugin id57843
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57843
    titleSuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7933)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_TOMCAT_20120405.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. (CVE-2011-4858) - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. (CVE-2012-0022)
    last seen2020-06-01
    modified2020-06-02
    plugin id80790
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80790
    titleOracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0005.NASL
    descriptiona. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id58362
    published2012-03-16
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58362
    titleVMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1359-1.NASL
    descriptionIt was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. (CVE-2011-3375) It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. (CVE-2011-4858) It was discovered that Tomcat incorrectly handled parameters. A remote attacker could cause a denial of service by sending requests with a large number of parameters and values. (CVE-2012-0022). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57933
    published2012-02-14
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57933
    titleUbuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0474.NASL
    descriptionUpdated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-04-16
    modified2012-04-12
    plugin id58718
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58718
    titleRHEL 5 : tomcat5 (RHSA-2012:0474)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_TOMCAT6-120109.NASL
    descriptionThe apache tomcat was vulnerable to a hash collision attack which allowed remote attackers to mount DoS attacks. CVE-2011-4858 has been assigned to this issue.
    last seen2020-06-05
    modified2014-06-13
    plugin id76036
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76036
    titleopenSUSE Security Update : tomcat6 (openSUSE-SU-2012:0103-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0475.NASL
    descriptionUpdated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-04-16
    modified2012-04-12
    plugin id58719
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58719
    titleRHEL 6 : tomcat6 (RHSA-2012:0475)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2401.NASL
    descriptionSeveral vulnerabilities have been found in Tomcat, a servlet and JSP engine : - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. - CVE-2011-2204 In rare setups passwords were written into a logfile. - CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service. - CVE-2011-3190 AJP requests could be spoofed in some setups. - CVE-2011-3375 Incorrect request caching could lead to information disclosure. - CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests. Additional information can be found at
    last seen2020-03-17
    modified2012-02-03
    plugin id57812
    published2012-02-03
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57812
    titleDebian DSA-2401-1 : tomcat6 - several vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0074.NASL
    descriptionUpdated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server. (CVE-2011-4610) It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in
    last seen2020-04-16
    modified2013-01-24
    plugin id64022
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64022
    titleRHEL 5 / 6 : jbossweb (RHSA-2012:0074)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0474.NASL
    descriptionUpdated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id58685
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58685
    titleCentOS 5 : tomcat5 (CESA-2012:0474)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2012-085.NASL
    descriptionA vulnerability has been discovered and corrected in tomcat5 : Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858 (CVE-2012-0022). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id59315
    published2012-05-31
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59315
    titleMandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)
  • NASL familyWeb Servers
    NASL idTOMCAT_7_0_23.NASL
    descriptionAccording to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.23. It is, therefore, affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2012-01-13
    plugin id57541
    published2012-01-13
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57541
    titleApache Tomcat 7.x < 7.0.23 Hash Collision DoS

Oval

accepted2015-04-20T04:00:47.813-04:00
classvulnerability
contributors
  • nameGanesh Manal
    organizationHewlett-Packard
  • nameSushant Kumar Singh
    organizationHewlett-Packard
  • namePrashant Kumar
    organizationHewlett-Packard
  • nameMike Cokus
    organizationThe MITRE Corporation
descriptionApache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
familyunix
idoval:org.mitre.oval:def:18886
statusaccepted
submitted2013-11-22T11:43:28.000-05:00
titleHP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
version48

Redhat

advisories
  • rhsa
    idRHSA-2012:0074
  • rhsa
    idRHSA-2012:0075
  • rhsa
    idRHSA-2012:0076
  • rhsa
    idRHSA-2012:0077
  • rhsa
    idRHSA-2012:0078
  • rhsa
    idRHSA-2012:0089
  • rhsa
    idRHSA-2012:0325
  • rhsa
    idRHSA-2012:0406
rpms
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-el-1.0-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-jsp-2.1-api-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-lib-0:2.1.12-3_patch_03.2.ep5.el6
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el4
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el5
  • jbossweb-servlet-2.5-api-0:2.1.12-3_patch_03.2.ep5.el6
  • tomcat5-0:5.5.23-0jpp.31.el5_8
  • tomcat5-admin-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat5-common-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-debuginfo-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-server-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat6-0:6.0.24-36.el6_2
  • tomcat6-admin-webapps-0:6.0.24-36.el6_2
  • tomcat6-docs-webapp-0:6.0.24-36.el6_2
  • tomcat6-el-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-javadoc-0:6.0.24-36.el6_2
  • tomcat6-jsp-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-lib-0:6.0.24-36.el6_2
  • tomcat6-servlet-2.5-api-0:6.0.24-36.el6_2
  • tomcat6-webapps-0:6.0.24-36.el6_2
  • tomcat5-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-admin-webapps-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-admin-webapps-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-common-lib-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-common-lib-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-eclipse-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-eclipse-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jasper-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jasper-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jsp-2.0-api-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jsp-2.0-api-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-parent-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-parent-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-server-lib-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-server-lib-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-servlet-2.4-api-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-servlet-2.4-api-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.33-28_patch_07.ep5.el6
  • tomcat5-webapps-0:5.5.33-27_patch_07.ep5.el5
  • tomcat5-webapps-0:5.5.33-28_patch_07.ep5.el6
  • tomcat6-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-admin-webapps-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-admin-webapps-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-docs-webapp-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-docs-webapp-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-el-1.0-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-el-1.0-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-javadoc-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-javadoc-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-jsp-2.1-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-jsp-2.1-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-lib-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-lib-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-log4j-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-log4j-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-servlet-2.5-api-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-servlet-2.5-api-0:6.0.32-24_patch_07.ep5.el6
  • tomcat6-webapps-0:6.0.32-24_patch_07.ep5.el5
  • tomcat6-webapps-0:6.0.32-24_patch_07.ep5.el6

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:72458
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-72458
titlePHP Hash Table Collision Proof Of Concept