Apache Tomcat Hash Collision Denial Of Service Vulnerability UPDATED

Summary

Apache Tomcat is prone to a denial-of-service vulnerability.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/51200
The information has been provided by Alexander Klink, n.runs AG and Julian.


Details

Vulnerable Systems:
 * Apache Software Foundation Tomcat 7.0.17 and prior

An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
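
A defender-side check for the crafted POST forms described above, as an added example that is not part of the original advisory or of Tomcat's code: it counts form parameters and measures how many distinct parameter names fall into one hash bucket. It assumes names are hashed with Java's String.hashCode; the limits MAX_PARAMS and MAX_SAME_HASH and the sample bodies are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote_plus

MAX_PARAMS = 1000     # assumed limit for this example; tune per application
MAX_SAME_HASH = 8     # assumed limit on distinct names sharing one hash value


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + c over UTF-16 code units, 32-bit signed."""
    h = 0
    data = s.encode("utf-16-be")
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - 0x100000000 if h & 0x80000000 else h


def inspect_form_body(body: str) -> dict:
    """Summarise an application/x-www-form-urlencoded body for collision-style abuse."""
    names = set()
    count = 0
    for pair in body.split("&"):
        if not pair:
            continue
        count += 1
        names.add(unquote_plus(pair.split("=", 1)[0]))
    # Group distinct names by hash; one very large group means degraded lookups.
    buckets = Counter(java_string_hash(n) for n in names)
    worst = max(buckets.values(), default=0)
    return {
        "param_count": count,
        "distinct_names": len(names),
        "largest_hash_bucket": worst,
        "suspicious": count > MAX_PARAMS or worst > MAX_SAME_HASH,
    }


# Constructed sample bodies (not captured traffic).
BENIGN = "user=alice&lang=en&page=2"
OVERSIZED = "&".join(f"p{i}=x" for i in range(MAX_PARAMS + 1))

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, inspect_form_body(body))
```

Run this over logged or proxied request bodies before they reach the servlet container; a body flagged as suspicious is a candidate for rejection or rate limiting.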

Vendor Status:
The vendor has issued an update for this vulnerability.

Patch Availability:
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3C4EFB9800.5010106@apache.org%3E

CVE Information:
CVE-2011-4858

Disclosure Timeline:
Published: Dec 29 2011
Updated: Aug 08 2012
