Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0089.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://rhn.redhat.com/errata/RHSA-2012-0406.html

http://secunia.com/advisories/48549

http://secunia.com/advisories/48790

http://secunia.com/advisories/48791

http://secunia.com/advisories/54971

http://secunia.com/advisories/55115

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

http://www.debian.org/security/2012/dsa-2401

http://www.kb.cert.org/vuls/id/903934

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.securityfocus.com/bid/51200

https://bugzilla.redhat.com/show_bug.cgi?id=750521

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

Related Vulnerabilities

CVE-2011-4461 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server

CVE-2016-5388 Vulnerability in maven package org.apache.tomcat:tomcat

CVE-2014-0364 Vulnerability in maven package org.igniterealtime.smack:smack

CVE-2017-5638 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2011-4838 Vulnerability in maven package org.jruby:jruby

Severity

Critical

Classification

CWE-399

Tags

US Government Resource