Lucene search

K
cve[email protected]CVE-2011-4885
HistoryDec 30, 2011 - 1:55 a.m.

CVE-2011-4885

2011-12-3001:55:01
CWE-20
web.nvd.nist.gov
183
php
cve-2011-4885
denial of service
hash collision
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.4

Confidence

High

EPSS

0.875

Percentile

98.7%

PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected configurations

NVD
Node
phpphpRange5.3.8
OR
phpphpMatch5.0.0
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2
OR
phpphpMatch5.0.0rc3
OR
phpphpMatch5.0.1
OR
phpphpMatch5.0.2
OR
phpphpMatch5.0.3
OR
phpphpMatch5.0.4
OR
phpphpMatch5.0.5
OR
phpphpMatch5.1.1
OR
phpphpMatch5.1.2
OR
phpphpMatch5.1.3
OR
phpphpMatch5.1.4
OR
phpphpMatch5.1.5
OR
phpphpMatch5.1.6
OR
phpphpMatch5.2.0
OR
phpphpMatch5.2.1
OR
phpphpMatch5.2.2
OR
phpphpMatch5.2.3
OR
phpphpMatch5.2.4
OR
phpphpMatch5.2.5
OR
phpphpMatch5.2.6
OR
phpphpMatch5.2.7
OR
phpphpMatch5.2.8
OR
phpphpMatch5.2.9
OR
phpphpMatch5.2.10
OR
phpphpMatch5.2.11
OR
phpphpMatch5.2.12
OR
phpphpMatch5.2.14
OR
phpphpMatch5.2.15
OR
phpphpMatch5.2.16
OR
phpphpMatch5.2.17
OR
phpphpMatch5.3.0
OR
phpphpMatch5.3.1
OR
phpphpMatch5.3.2
OR
phpphpMatch5.3.3
OR
phpphpMatch5.3.4
OR
phpphpMatch5.3.5
OR
phpphpMatch5.3.6
OR
phpphpMatch5.3.7
VendorProductVersionCPE
phpphp5.0.0cpe:/a:php:php:5.0.0:beta3::
phpphpcpe:/a:php:php::::
phpphp5.0.0cpe:/a:php:php:5.0.0:beta4::
phpphp5.2.7cpe:/a:php:php:5.2.7:::
phpphp5.0.0cpe:/a:php:php:5.0.0:rc3::
phpphp5.2.16cpe:/a:php:php:5.2.16:::
phpphp5.1.5cpe:/a:php:php:5.1.5:::
phpphp5.0.3cpe:/a:php:php:5.0.3:::
phpphp5.2.17cpe:/a:php:php:5.2.17:::
phpphp5.3.0cpe:/a:php:php:5.3.0:::
Rows per page:
1-10 of 451

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

8.4

Confidence

High

EPSS

0.875

Percentile

98.7%