CVE-2011-4858

Severity

5.3

Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Project

Apache Tomcat

Category
n/a
Tags
data
operational
Date Disclosed

2012-01-05

Date Discovered

2011-12-16

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
0
Support Lifecycle:
Namespace:
javax

Apache Tomcat 6.0.x

First release:
2007-02-28
First release:
2016-12-31
0
Support Lifecycle:
Namespace:
javax