Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=132871655717248&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=133294394108746&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://rhn.redhat.com/errata/RHSA-2012-0074.html

http://rhn.redhat.com/errata/RHSA-2012-0075.html

http://rhn.redhat.com/errata/RHSA-2012-0076.html

http://rhn.redhat.com/errata/RHSA-2012-0077.html

http://rhn.redhat.com/errata/RHSA-2012-0078.html

http://rhn.redhat.com/errata/RHSA-2012-0089.html

http://rhn.redhat.com/errata/RHSA-2012-0325.html

http://rhn.redhat.com/errata/RHSA-2012-0406.html

http://secunia.com/advisories/48549

http://secunia.com/advisories/48790

http://secunia.com/advisories/48791

http://secunia.com/advisories/54971

http://secunia.com/advisories/55115

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

http://www.debian.org/security/2012/dsa-2401

http://www.kb.cert.org/vuls/id/903934

http://www.nruns.com/_downloads/advisory28122011.pdf

http://www.ocert.org/advisories/ocert-2011-003.html

http://www.securityfocus.com/bid/51200

https://bugzilla.redhat.com/show_bug.cgi?id=750521

https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886

Related Vulnerabilities

CVE-2023-44487 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2013-1571 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2019-9515 Vulnerability in maven package io.netty:netty-codec-http2

CVE-2011-4461 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-servlet

CVE-2023-44487 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Classification

CWE-399

Tags

US Government Resource