Fixed apache tomcat hash collision vulnerability (CVE-2011-4858)
The apache tomcat was vulnerable to a hash collision attack
which allowed remote attackers to mount DoS attacks.
CVE-2011-4858 has been assigned to this issue.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5619
Fixed bugs
bnc#727543
VUL-0: CVE-2011-4858: Apache tomcat vulnerable to hash collision attack.
bnc#712784
tomcat6: add missing Requires on java >= 1.6.0
CVE#CVE-2011-4858
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumpt
