Description

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Remediation

References

CVE-2011-4885

Related Vulnerabilities

Oracle JRE CVE-2020-2757 Vulnerability (CVE-2020-2757)

WordPress 2.0.5 Cross-Site Scripting Vulnerability (0.6.2 - 2.0.5)

Elgg Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2021-3980)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (10.4.7)

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Request Forgery (7.0.3.3)

Severity

Medium

Classification

CVE-2011-4885 CWE-20

Tags

Missing Update Known Vulnerabilities