Description

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4885

Related Vulnerabilities

Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8793)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.6)

WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.6)

WordPress Plugin iFrame Admin Pages 'url' Parameter Cross-Site Scripting (0.1)

WordPress Plugin Wow Viral Signups SQL Injection (2.1)

Severity

Medium

Classification

CVE-2011-4885 CWE-20

Tags

Missing Update Known Vulnerabilities