Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4858

Related Vulnerabilities

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.20)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27946)

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3660)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38263)

Severity

Medium

Classification

CVE-2011-4858

Tags

Missing Update Known Vulnerabilities