Vulnerability Name: CVE-2011-4858 (CCN-72016)
Assigned: 2011-12-28
Published: 2011-12-28
Updated: 2018-01-09
Summary: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Low

CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P); 4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

CCN CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P); 4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

REDHAT CVSS v2 Severity: 5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P); 4.1 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service

References:
- Source: MITRE, Type: CNA: CVE-2011-4858
- Source: CCN, Type: Apache Geronimo Web site: Fixed in Geronimo 2.1.8
- Source: CCN, Type: HP Security Bulletin HPSBUX02741 SSRT100728 rev.1: HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
- Source: CCN, Type: HP Security Bulletin HPSBMU02747 SSRT100771 rev.1: HP OpenView Network Node Manager (OV NNM) Running Apache Tomcat, Remote Denial of Service (DoS)
- Source: MLIST, Type: UNKNOWN: [announce] 20111228 [SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability
- Source: HP, Type: UNKNOWN: SSRT100728
- Source: HP, Type: UNKNOWN: SSRT100771
- Source: HP, Type: UNKNOWN: HPSBUX02860
- Source: CCN, Type: RHSA-2012-0074: Important: jbossweb security update
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0074
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0075
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0076
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0077
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0078
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0089
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0325
- Source: REDHAT, Type: UNKNOWN: RHSA-2012:0406
- Source: CCN, Type: RHSA-2012-0474: Moderate: tomcat5 security update
- Source: CCN, Type: RHSA-2012-0475: Moderate: tomcat6 security update
- Source: CCN, Type: RHSA-2012-0679: Moderate: tomcat5 security and bug fix update
- Source: CCN, Type: RHSA-2012-0680: Moderate: tomcat5 security and bug fix update
- Source: CCN, Type: RHSA-2012-0681: Moderate: tomcat6 security and bug fix update
- Source: CCN, Type: RHSA-2012-0682: Moderate: tomcat6 security and bug fix update
- Source: CCN, Type: SA47379: Apache Geronimo Multiple Vulnerabilities
- Source: CCN, Type: SA47411: Apache Tomcat Web Form Hash Collision Denial of Service Vulnerability
- Source: CCN, Type: SA47473: IBM WebSphere Application Server Community Edition Tomcat Container Denial of Service
- Source: CCN, Type: SA47604: Hitachi Cosminexus Products Hash Collision Denial of Service Vulnerability
- Source: CCN, Type: SA47903: HP-UX Apache Web Server Suite Multiple Denial of Service Vulnerabilities
- Source: CCN, Type: SA48549: HP OpenView Network Node Manager Apache Tomcat Two Denial of Service Vulnerabilities
- Source: SECUNIA, Type: UNKNOWN: 48549
- Source: SECUNIA, Type: UNKNOWN: 48790
- Source: SECUNIA, Type: UNKNOWN: 48791
- Source: CCN, Type: SA49829: Hitachi IT Operations Analyzer Hash Collision Denial of Service Vulnerability
- Source: CCN, Type: SA54255: HP Network Node Manager i (NNMi) Multiple Vulnerabilities
- Source: CCN, Type: SA54971: IBM Tivoli Integrated Portal Multiple Vulnerabilities
- Source: SECUNIA, Type: UNKNOWN: 54971
- Source: CCN, Type: SA55115: IBM Tivoli Dynamic Workload Console Multiple Vulnerabilities
- Source: SECUNIA, Type: UNKNOWN: 55115
- Source: CCN, Type: Apache Tomcat Web site: Apache Tomcat
- Source: CONFIRM, Type: UNKNOWN: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
- Source: CCN, Type: IBM Security Bulletin 1577274: Denial of service vulnerability in the web container of WebSphere Application Server Community Edition
- Source: CCN, Type: IBM Security Bulletin 1626697: Multiple vulnerabilities in IBM Cognos BI 8.4.1, 10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081)
- Source: CCN, Type: IBM Security Bulletin 1642791: IBM WebSphere Appliance Management Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal
- Source: CCN, Type: IBM Security Bulletin 1646292: Tivoli Business Service Manager - WebSphere Potential security exposure (CVE-2012-3325) and Apache Tomcat hash denial of service (CVE-2011-4858)
- Source: CCN, Type: IBM Security Bulletin 1646446: Security Vulnerabilities addressed in IBM Tivoli Netcool Performance Manager (CVE-2013-0464, CVE-2012-3325, CVE-2012-3325)
- Source: CCN, Type: IBM Security Bulletin 1646503: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
- Source: CCN, Type: IBM Security Bulletin 1651284: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
- Source: CCN, Type: IBM Security Bulletin 1654075: Tivoli Netcool/OMNIbus Web GUI - IBM WebSphere Application Server PM44303 security bypass (CVE-2012-3325) and Hash denial of service (CVE-2011-4858)
- Source: DEBIAN, Type: UNKNOWN: DSA-2401
- Source: DEBIAN, Type: DSA-2401: tomcat6 -- several vulnerabilities
- Source: CCN, Type: Hitachi Security Vulnerability Information HS12-003: DoS Vulnerability in Cosminexus
- Source: CCN, Type: Hitachi Security Vulnerability Information HS12-019: Hitachi IT Operations Analyzer
- Source: CCN, Type: IBM Security Bulletin 1575700: A Tomcat fix for WebSphere Application Server Community Edition v3.0.0.0
- Source: CCN, Type: IBM Security Bulletin 1675356: IBM Security SiteProtector System can be affected by a vulnerability in Geronimo (CVE-2011-4858)
- Source: CCN, Type: US-CERT VU#903934: Hash table implementations vulnerable to algorithmic complexity attacks
- Source: CERT-VN, Type: US Government Resource: VU#903934
- Source: CCN, Type: n.runs-SA-2011.004: Denial of Service through hash table multi-collisions
- Source: MISC, Type: UNKNOWN: http://www.nruns.com/_downloads/advisory28122011.pdf
- Source: CCN, Type: oCERT-2011-003: multiple implementations denial-of-service via hash algorithm collision
- Source: MISC, Type: UNKNOWN: http://www.ocert.org/advisories/ocert-2011-003.html
- Source: CCN, Type: OSVDB ID: 78214: IBM WebSphere Application Server Community Edition Tomcat Container Multiple Parameter Request Parsing Remote DoS
- Source: CCN, Type: OSVDB ID: 78483: Hitachi Cosminexus Multiple Product Hash Collision Form Parameter Parsing Remote DoS
- Source: CCN, Type: OSVDB ID: 78573: Apache Tomcat CPU Consumption Parameter Saturation Remote DoS
- Source: BID, Type: UNKNOWN: 51200
- Source: CCN, Type: BID-51200: Apache Tomcat Hash Collision Denial Of Service Vulnerability
- Source: CCN, Type: BID-51345: IBM WebSphere Application Server Community Edition Tomcat Container Denial Of Service Vulnerability
- Source: CONFIRM, Type: UNKNOWN: https://bugzilla.redhat.com/show_bug.cgi?id=750521
- Source: XF, Type: UNKNOWN: apache-tomcat-hash-dos(72016)
- Source: MISC, Type: UNKNOWN: https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
- Source: CCN, Type: HP Security Bulletin HPSBMU02894 rev.1: HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code
- Source: OVAL, Type: UNKNOWN: oval:org.mitre.oval:def:18886
- Source: CCN, Type: IBM Security Bulletin 6496741 (Sterling B2B Integrator): Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator

Vulnerable Configuration (entries within a group are alternatives; AND joins groups):

Configuration 1:
- cpe:/a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
- cpe:/a:apache:tomcat:5:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:6:*:*:*:*:*:*:*
- cpe:/a:apache:tomcat:7:*:*:*:*:*:*:*
AND
- cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
- cpe:/a:hitachi:cosminexus_application_server:5:*:*:*:*:*:*:*
- cpe:/a:hitachi:cosminexus_application_server:6:*:*:*:*:*:*:*
- cpe:/a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
- cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
- cpe:/a:hp:openview_network_node_manager:7.0.1:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.1:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.2:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.3:*:*:*:*:*:*:*
- cpe:/a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
- cpe:/a:hitachi:cosminexus_developer:6:-:pro:*:*:*:*:*
- cpe:/a:hitachi:ucosminexus_developer:6:-:pro:*:*:*:*:*
- cpe:/a:ibm:cognos_business_intelligence:8.4.1:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
- cpe:/a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*
- cpe:/a:hitachi:it_operations_analyzer:02-01:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.8:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.7:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.6:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.5:*:*:*:*:*:*:*
- cpe:/a:apache:geronimo:2.1.4:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
- cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
- cpe:/a:ibm:cognos_business_intelligence:10.1:*:*:*:*:*:*:*
- cpe:/a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*
- cpe:/a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*
- cpe:/a:ibm:tivoli_business_service_manager:4.2.1:*:*:*:*:*:*:*
- cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
- cpe:/a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*

The following components are marked as vulnerable:
apache tomcat 5.5.35
apache tomcat 6.0.0
apache tomcat 6.0.1
apache tomcat 6.0.2
apache tomcat 6.0.3
apache tomcat 6.0.4
apache tomcat 6.0.5
apache tomcat 6.0.6
apache tomcat 6.0.7
apache tomcat 6.0.8
apache tomcat 6.0.9
apache tomcat 6.0.10
apache tomcat 6.0.11
apache tomcat 6.0.12
apache tomcat 6.0.13
apache tomcat 6.0.14
apache tomcat 6.0.15
apache tomcat 6.0.16
apache tomcat 6.0.17
apache tomcat 6.0.18
apache tomcat 6.0.19
apache tomcat 6.0.20
apache tomcat 6.0.21
apache tomcat 6.0.22
apache tomcat 6.0.23
apache tomcat 6.0.24
apache tomcat 6.0.25
apache tomcat 6.0.26
apache tomcat 6.0.27
apache tomcat 6.0.28
apache tomcat 6.0.29
apache tomcat 6.0.30
apache tomcat 6.0.31
apache tomcat 6.0.32
apache tomcat 6.0.33
apache tomcat 6.0.34
apache tomcat 7.0.0
apache tomcat 7.0.1
apache tomcat 7.0.2
apache tomcat 7.0.3
apache tomcat 7.0.4
apache tomcat 7.0.5
apache tomcat 7.0.6
apache tomcat 7.0.7
apache tomcat 7.0.8
apache tomcat 7.0.9
apache tomcat 7.0.10
apache tomcat 7.0.11
apache tomcat 7.0.12
apache tomcat 7.0.13
apache tomcat 7.0.14
apache tomcat 7.0.15
apache tomcat 7.0.16
apache tomcat 7.0.17
apache tomcat 7.0.18
apache tomcat 7.0.19
apache tomcat 7.0.20
apache tomcat 7.0.21
apache tomcat 7.0.22
apache tomcat 5
apache tomcat 6
apache tomcat 7
hp hp-ux b.11.23
hitachi cosminexus application server 5
hitachi cosminexus application server 6
hitachi ucosminexus service architect *
redhat enterprise linux 5
hp hp-ux b.11.31
apache geronimo 2.1
hp openview network node manager 7.0.1
apache geronimo 2.1.1
apache geronimo 2.1.2
apache geronimo 2.1.3
hitachi ucosminexus service platform *
hitachi cosminexus developer 6 -
hitachi ucosminexus developer 6 -
ibm cognos business intelligence 8.4.1
redhat enterprise linux 6
hp network node manager i 9.0
hitachi it operations analyzer 02-01
apache geronimo 2.1.8
apache geronimo 2.1.7
apache geronimo 2.1.6
apache geronimo 2.1.5
apache geronimo 2.1.4
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6
ibm cognos business intelligence 10.1
ibm cognos business intelligence 10.1.1
ibm cognos business intelligence 10.2
ibm tivoli business service manager 4.2.1
ibm sterling b2b integrator 6.0.0.0
ibm sterling b2b integrator 5.2.0.0