Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4858

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.03)

WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.7.6)

WordPress Plugin WP125 Cross-Site Request Forgery (1.4.9)

Oracle Database Server CVE-2019-2517 Vulnerability (CVE-2019-2517)

FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)

Severity

Medium

Classification

CVE-2011-4858

Tags

Missing Update Known Vulnerabilities