Search for vulnerabilities
Vulnerability details: VCID-rhcq-wuxw-aaad
Vulnerability ID VCID-rhcq-wuxw-aaad
Aliases CVE-2011-4858
GHSA-wr3m-gw98-mc3j
Summary Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-399 Resource Management Errors
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
generic_textual MODERATE http://marc.info/?l=bugtraq&m=132871655717248&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=133294394108746&w=2
cvssv3.1 4.2 http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0074.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0075.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2012-0076.html
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0041
rhas Important https://access.redhat.com/errata/RHSA-2012:0074
rhas Important https://access.redhat.com/errata/RHSA-2012:0075
rhas Important https://access.redhat.com/errata/RHSA-2012:0076
rhas Important https://access.redhat.com/errata/RHSA-2012:0077
rhas Important https://access.redhat.com/errata/RHSA-2012:0078
rhas Important https://access.redhat.com/errata/RHSA-2012:0089
rhas Important https://access.redhat.com/errata/RHSA-2012:0091
rhas Important https://access.redhat.com/errata/RHSA-2012:0325
rhas Important https://access.redhat.com/errata/RHSA-2012:0406
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0474
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0475
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0679
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0680
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0681
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0682
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.65134 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.73855 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.78763 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.80925 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.80925 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.80925 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
epss 0.80925 https://api.first.org/data/v1/epss?cve=CVE-2011-4858
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=750521
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-wr3m-gw98-mc3j
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual HIGH https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-4858
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
generic_textual MODERATE http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
cvssv3.1 7.5 http://www.kb.cert.org/vuls/id/903934
generic_textual MODERATE http://www.kb.cert.org/vuls/id/903934
cvssv3.1 7.5 http://www.nruns.com/_downloads/advisory28122011.pdf
generic_textual MODERATE http://www.nruns.com/_downloads/advisory28122011.pdf
cvssv3.1 7.5 http://www.ocert.org/advisories/ocert-2011-003.html
generic_textual MODERATE http://www.ocert.org/advisories/ocert-2011-003.html
Reference id Reference type URL
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106%40apache.org%3e
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://marc.info/?l=bugtraq&m=133294394108746&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-0077.html
http://rhn.redhat.com/errata/RHSA-2012-0078.html
http://rhn.redhat.com/errata/RHSA-2012-0089.html
http://rhn.redhat.com/errata/RHSA-2012-0325.html
http://rhn.redhat.com/errata/RHSA-2012-0406.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json
https://api.first.org/data/v1/epss?cve=CVE-2011-4858
https://bugzilla.redhat.com/show_bug.cgi?id=750521
http://secunia.com/advisories/48549
http://secunia.com/advisories/48790
http://secunia.com/advisories/48791
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
https://github.com/apache/tomcat
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
http://www.debian.org/security/2012/dsa-2401
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.securityfocus.com/bid/51200
cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-4858 https://nvd.nist.gov/vuln/detail/CVE-2011-4858
CVE-2011-4885;OSVDB-78115 Exploit http://www.ocert.org/advisories/ocert-2011-003.html
GHSA-wr3m-gw98-mc3j https://github.com/advisories/GHSA-wr3m-gw98-mc3j
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2012:0041 https://access.redhat.com/errata/RHSA-2012:0041
RHSA-2012:0074 https://access.redhat.com/errata/RHSA-2012:0074
RHSA-2012:0075 https://access.redhat.com/errata/RHSA-2012:0075
RHSA-2012:0076 https://access.redhat.com/errata/RHSA-2012:0076
RHSA-2012:0077 https://access.redhat.com/errata/RHSA-2012:0077
RHSA-2012:0078 https://access.redhat.com/errata/RHSA-2012:0078
RHSA-2012:0089 https://access.redhat.com/errata/RHSA-2012:0089
RHSA-2012:0091 https://access.redhat.com/errata/RHSA-2012:0091
RHSA-2012:0325 https://access.redhat.com/errata/RHSA-2012:0325
RHSA-2012:0406 https://access.redhat.com/errata/RHSA-2012:0406
RHSA-2012:0474 https://access.redhat.com/errata/RHSA-2012:0474
RHSA-2012:0475 https://access.redhat.com/errata/RHSA-2012:0475
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1359-1 https://usn.ubuntu.com/1359-1/
Data source Exploit-DB
Date added July 14, 2006
Description MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
Ransomware campaign use Known
Source publication date July 15, 2006
Exploit type webapps
Platform php
Source update date Nov. 9, 2016
Data source Metasploit
Description This module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
Note 
Stability:
  - crash-service-down
SideEffects: []
Reliability: []
Ransomware campaign use Unknown
Source publication date Dec. 28, 2011
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/http/hashcollision_dos.rb
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://marc.info/?l=bugtraq&m=136485229118404&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-4858
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.kb.cert.org/vuls/id/903934
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.nruns.com/_downloads/advisory28122011.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.ocert.org/advisories/ocert-2011-003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.97981
EPSS Score 0.65134
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.