Summary
The host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted form sent in an HTTP POST request.
Impact Level: Application.
Solution
Apply the patch or upgrade Apache Tomcat to 5.5.35, 6.0.35, 7.0.23 or later. For updates refer to http://tomcat.apache.org/
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to an error in the hash generation function used when computing hash values for form parameters and inserting them into a hash table. Because many distinct parameter names can be chosen to produce the same hash value, an attacker can trigger a large number of hash collisions, resulting in high CPU consumption, via a specially crafted form sent in an HTTP POST request.
Affected
Apache Tomcat versions before 5.5.35, 6.x through 6.0.34, and 7.x through 7.0.22 on Windows.
References
Severity
Classification
CVE: CVE-2011-4858
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- CERN HTTPD access control bypass
- Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
- Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
- Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability