CVE-2011-4858

medium

Apache

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Score

76.6%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

None

Availability

Published: January 5, 2012 (5243 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CWE

CWE-399

Affected Products

apache tomcat

References

🔗 mail-archives.apache.org 🔗 marc.info 🔗 marc.info 🔗 marc.info 🔗 rhn.redhat.com

CVE-2011-4858

Vulnerability Report

Description

CWE

Affected Products

References