What is CVE-2011-4858?

CVE-2011-4858 is a vulnerability in Apache Tomcat, classified under CWE-399. Published 2012-01-05.

Is CVE-2011-4858 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Tomcat

CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of servi…

EPSS: 0.766 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat — versions 5.5.35, 6.0.0, 6.0.1
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
DSA-2401 (vendor-advisory, x_refsource_DEBIAN)
cve@mitre.org (x_refsource_MISC)
RHSA-2012:0325 (x_refsource_REDHAT, vendor-advisory)
HPSBUX02860 (x_refsource_HP, vendor-advisory)
RHSA-2012:0078 (x_refsource_REDHAT, vendor-advisory)
51200 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
48791 (x_refsource_SECUNIA, third-party-advisory)
oval:org.mitre.oval:def:18886 (x_refsource_OVAL, signature, vdb-entry)

Frequently asked questions

What is CVE-2011-4858?: CVE-2011-4858 is a vulnerability in Apache Tomcat, classified under CWE-399. Published 2012-01-05.
Is CVE-2011-4858 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.