Description
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=750521
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://www.debian.org/security/2012/dsa-2401
http://secunia.com/advisories/48791
http://secunia.com/advisories/48790
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://www.securityfocus.com/bid/51200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
http://secunia.com/advisories/48549
http://marc.info/?l=bugtraq&m=133294394108746&w=2
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
Related Vulnerabilities
CVE-2011-4858 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-44487 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2015-2912 Vulnerability in maven package com.orientechnologies:orientdb-server
CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common
CVE-2011-4838 Vulnerability in maven package com.sun.grizzly:jruby