Vulnerability Details : CVE-2011-4858
Public exploit exists!
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerability category: Denial of service
Threat overview for CVE-2011-4858
Top countries where our scanners detected CVE-2011-4858
Top open port discovered on systems with this issue
80
IPs affected by CVE-2011-4858 21,361
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-4858!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-4858
Probability of exploitation activity in the next 30 days: 65.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-4858
-
Hashtable Collisions
Disclosure Date: 2011-12-28First seen: 2020-04-26auxiliary/dos/http/hashcollision_dosThis module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST paramete
CVSS scores for CVE-2011-4858
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-4858
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4858
-
http://rhn.redhat.com/errata/RHSA-2012-0077.html
Red Hat Customer Portal
-
http://www.nruns.com/_downloads/advisory28122011.pdf
Best 7 Best Internet Security Software in 2019
-
http://rhn.redhat.com/errata/RHSA-2012-0078.html
Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-0406.html
Red Hat Customer Portal
-
http://marc.info/?l=bugtraq&m=133294394108746&w=2
'[security bulletin] HPSBMU02747 SSRT100771 rev.1 - HP OpenView Network Node Manager (OV NNM) Running' - MARC
-
http://marc.info/?l=bugtraq&m=136485229118404&w=2
'[security bulletin] HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot' - MARC
-
http://rhn.redhat.com/errata/RHSA-2012-0074.html
RHSA-2012:0074 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-0075.html
RHSA-2012:0075 - Security Advisory - Red Hat Customer Portal
-
http://www.debian.org/security/2012/dsa-2401
Debian -- Security Information -- DSA-2401-1 tomcat6
-
http://secunia.com/advisories/48549
Sign in
-
http://www.kb.cert.org/vuls/id/903934
VU#903934 - Hash table implementations vulnerable to algorithmic complexity attacksUS Government Resource
-
http://www.ocert.org/advisories/ocert-2011-003.html
oCERT archive
-
http://rhn.redhat.com/errata/RHSA-2012-0089.html
Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-0325.html
Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=750521
750521 – (CVE-2011-4084, CVE-2011-4858) CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
-
http://rhn.redhat.com/errata/RHSA-2012-0076.html
RHSA-2012:0076 - Security Advisory - Red Hat Customer Portal
-
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
[SECURITY] Apache Tomcat and the hashtable collision DoS vulnerability
-
http://www.securityfocus.com/bid/51200
Apache Tomcat Hash Collision Denial Of Service Vulnerability
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886
Repository / Oval Repository
-
http://marc.info/?l=bugtraq&m=132871655717248&w=2
'[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot' - MARC
-
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Apache Tomcat 7 (7.0.96) - Changelog
-
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
HashCollision-DOS-POC/HashtablePOC.py at master · FireFart/HashCollision-DOS-POC · GitHub
Products affected by CVE-2011-4858
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*