tomcat: denial of service via hash collision

Package(s): tomcat
CVE #(s): CVE-2011-4858
Created: January 19, 2012
Updated: February 2, 2012

From the Novell CVE entry:

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Mageia MGASA-2012-0189 tomcat6 2012-08-02
Gentoo 201206-24 tomcat 2012-06-24
Oracle ELSA-2012-0474 tomcat5 2012-04-12
Scientific Linux SL-tomc-20120411 tomcat6 2012-04-11
Scientific Linux SL-tomc-20120411 tomcat5 2012-04-11
CentOS CESA-2012:0475 tomcat6 2012-04-11
CentOS CESA-2012:0474 tomcat5 2012-04-11
Red Hat RHSA-2012:0475-01 tomcat6 2012-04-11
Red Hat RHSA-2012:0474-01 tomcat5 2012-04-11
Ubuntu USN-1359-1 tomcat6 2012-02-13
Debian DSA-2401-1 tomcat6 2012-02-02
openSUSE openSUSE-SU-2012:0103-1 tomcat 2012-01-19

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds