PT-2012-1967 · Apache+4 · Apache Tomcat+4

Alexander Klink

Published

2012-01-05

Updated

2022-05-14

CVE-2011-4858

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 5.5.35 Apache Tomcat versions 6.x prior to 6.0.35 Apache Tomcat versions 7.x prior to 7.0.23

Description The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions.

Recommendations For versions prior to 5.5.35, update to version 5.5.35 or later. For versions 6.x prior to 6.0.35, update to version 6.0.35 or later. For versions 7.x prior to 7.0.23, update to version 7.0.23 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-20

Related Identifiers

CESA-2012_0475

CVE-2011-4858

DSA-2401-1

GHSA-WR3M-GW98-MC3J

HPSBUX02741

HPSBUX02860

RHSA-2012:0074

RHSA-2012:0076

RHSA-2012:0474

RHSA-2012:0475

RHSA-2012:0680

RHSA-2012:0682

RHSA-2012_0474

RHSA-2012_0475

SUSE-SU-2012_0144-1

Affected Products

Apache Tomcat

Centos

Hp-Ux

Red Hat

Suse

PT-2012-1967 · Apache+4 · Apache Tomcat+4

CVE-2011-4858

Weakness Enumeration

Related Identifiers

Affected Products

References · 39