Resource management error in Apache Tomcat - CVE-2011-4858

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Remediation

External links

• http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4EFB9800.5010106@apache.org%3e
• http://marc.info/?l=bugtraq&m=132871655717248&w=2
• http://marc.info/?l=bugtraq&m=133294394108746&w=2
• http://marc.info/?l=bugtraq&m=136485229118404&w=2
• http://rhn.redhat.com/errata/RHSA-2012-0074.html
• http://rhn.redhat.com/errata/RHSA-2012-0075.html
• http://rhn.redhat.com/errata/RHSA-2012-0076.html
• http://rhn.redhat.com/errata/RHSA-2012-0077.html
• http://rhn.redhat.com/errata/RHSA-2012-0078.html
• http://rhn.redhat.com/errata/RHSA-2012-0089.html
• http://rhn.redhat.com/errata/RHSA-2012-0325.html
• http://rhn.redhat.com/errata/RHSA-2012-0406.html
• http://secunia.com/advisories/48549
• http://secunia.com/advisories/48790
• http://secunia.com/advisories/48791
• http://secunia.com/advisories/54971
• http://secunia.com/advisories/55115
• http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
• http://www.debian.org/security/2012/dsa-2401
• http://www.kb.cert.org/vuls/id/903934
• http://www.nruns.com/_downloads/advisory28122011.pdf
• http://www.ocert.org/advisories/ocert-2011-003.html
• http://www.securityfocus.com/bid/51200
• https://bugzilla.redhat.com/show_bug.cgi?id=750521
• https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18886