Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0089.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://rhn.redhat.com/errata/RHSA-2012-0406.html

http://secunia.com/advisories/48549

http://secunia.com/advisories/48790

http://secunia.com/advisories/48791

http://secunia.com/advisories/54971

http://secunia.com/advisories/55115

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

http://www.debian.org/security/2012/dsa-2401

http://www.kb.cert.org/vuls/id/903934

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.securityfocus.com/bid/51200

https://bugzilla.redhat.com/show_bug.cgi?id=750521

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

Related Vulnerabilities

CVE-2011-1498 Vulnerability in maven package org.apache.httpcomponents:httpclient

CVE-2014-0364 Vulnerability in maven package org.igniterealtime.smack:smack

CVE-2017-5641 Vulnerability in maven package org.apache.flex.blazeds:flex-messaging-core

CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk14

CVE-2017-9805 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Critical

Classification

CWE-399

Tags

US Government Resource