Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-01-05T19:00:00
Updated: 2024-08-07T00:16:35.019Z
Reserved: 2011-12-16T00:00:00
Link: CVE-2011-4858
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-01-05T19:55:01.033
Modified: 2024-11-21T01:33:07.977
Link: CVE-2011-4858
Redhat