Apache Tomcat Hash Collision Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running Apache Tomcat Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted form sent in a HTTP POST request. Impact Level: Application.

Solution

Apply patch or upgrade Apache Tomcat to 5.5.35, 6.0.35, 7.0.23 or later, For updates refer to http://tomcat.apache.org/ ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

The flaw is due to an error within a hash generation function when computing hash values for form parameter and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request.

Affected

Apache Tomcat version before 5.5.35, 6.x to 6.0.34 and 7.x to 7.0.22 on Windows.

References

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://www.kb.cert.org/vuls/id/903934
http://www.ocert.org/advisories/ocert-2011-003.html
https://bugzilla.redhat.com/show_bug.cgi?id=750521

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4858

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
Ecava IntegraXor Directory Traversal Vulnerability
CUPS Information Disclosure Vulnerability
Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability

Take action and discover your vulnerabilities