Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0089.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://rhn.redhat.com/errata/RHSA-2012-0406.html

http://secunia.com/advisories/48549

http://secunia.com/advisories/48790

http://secunia.com/advisories/48791

http://secunia.com/advisories/54971

http://secunia.com/advisories/55115

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

http://www.debian.org/security/2012/dsa-2401

http://www.kb.cert.org/vuls/id/903934

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.securityfocus.com/bid/51200

https://bugzilla.redhat.com/show_bug.cgi?id=750521

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

Related Vulnerabilities

CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk14

CVE-2011-4838 Vulnerability in maven package org.jruby:jruby

CVE-2011-4461 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server

CVE-2021-45046 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common

Severity

Critical

Classification

CWE-399

Tags

US Government Resource