PROBLEM:
Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
PLATFORM:
Apache Tomcat 5.5.34, 6.0.34, 7.0.22; and prior versions
ABSTRACT:
A remote user can cause performance to degrade on the target server.
REFERENCE LINKS:
Apache Tomcat Security Alert
SecurityTracker Alert ID: 1026477
nruns Advisory SA-2011.004
Secunia Advisory SA47411
CVE-2011-4084
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions. A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance degradation on the target server.
IMPACT:
The vulnerability is caused by an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision, resulting in high CPU consumption, via a specially crafted form sent in an HTTP POST request.
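
A defender-side check for the condition described above, as an added example that is not part of the original bulletin or of Apache Tomcat: it parses a form-encoded POST body and flags requests whose distinct parameter names pile up on a single hash value. It assumes the parameter names are hashed with Java's String.hashCode(); the thresholds, function names and sample bodies are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl

# Illustrative thresholds (assumptions, not values from the advisory).
MAX_PARAMS = 1000      # distinct parameter names allowed per request
MAX_SAME_HASH = 8      # distinct names allowed to share one hash value


def java_string_hash(name: str) -> int:
    """32-bit value of Java's String.hashCode(): h = 31*h + unit per UTF-16 unit."""
    raw = name.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(raw), 2):
        h = (31 * h + int.from_bytes(raw[i:i + 2], "big")) & 0xFFFFFFFF
    return h


def inspect_form_body(body: str) -> dict:
    """Summarise one application/x-www-form-urlencoded body for collision signs."""
    # Repeating the same name adds values to one key, so only distinct names count.
    names = {k for k, _ in parse_qsl(body, keep_blank_values=True)}
    groups = Counter(java_string_hash(n) for n in names)
    worst = max(groups.values(), default=0)
    return {
        "distinct_names": len(names),
        "largest_same_hash_group": worst,
        "suspicious": len(names) > MAX_PARAMS or worst > MAX_SAME_HASH,
    }


# Constructed sample bodies (not captured traffic).
NORMAL_BODY = "user=alice&email=alice%40example.org&comment=hello&page=2"
# Sixteen distinct names assembled from the textbook pair "Aa"/"BB",
# which Java hashes to the same value.
COLLIDING_BODY = "&".join(
    f"{a}{b}{c}{d}=1" for a in ("Aa", "BB") for b in ("Aa", "BB")
    for c in ("Aa", "BB") for d in ("Aa", "BB")
)

if __name__ == "__main__":
    for label, body in (("normal", NORMAL_BODY), ("colliding", COLLIDING_BODY)):
        print(label, inspect_form_body(body))
```

Legitimate forms rarely put more than one or two distinct names on the same hash value, so the same-hash group size is a stronger signal than the raw parameter count.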