The remote web server uses a version of PHP that is affected by a hash collision denial of service. A flaw exists in the way PHP generates hash tables for user-supplied values. By sending a small number of specially crafted POST requests to a web server that uses PHP, an attacker can take advantage of this flaw to cause a denial of service condition.
Note that this plugin only tests PHP version 5, and it only runs if 'Report paranoia' is set to 'Paranoid' and the 'Perform thorough tests' setting is enabled.
{"id": "PHP_5_HASH_COLLISION_DOS.NBIN", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "PHP Version 5 Hash Collision Form Parameter Parsing Remote DoS", "description": "The remote web server uses a version of PHP that is affected by a hash collision denial of service. A flaw exists in the way PHP generates hash tables for user-supplied values. By sending a small number of specially crafted POST requests to a web server that uses PHP, an attacker can take advantage of this flaw to cause a denial of service condition.\n\nNote that this plugin only tests PHP version 5, and it only runs if 'Report paranoia' is set to 'Paranoid' and the 'Perform thorough tests' setting is enabled.", "published": "2012-01-16T00:00:00", "modified": "2023-05-31T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/57557", "reporter": "This script is Copyright (C) 2012-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nruns.com/_downloads/advisory28122011.pdf", "http://www.php.net/ChangeLog-5.php#5.3.9", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885"], "cvelist": [], "immutableFields": [], "lastseen": "2023-06-01T14:20:47", "viewCount": 25, "enchantments": {"dependencies": {"references": []}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2012-037"]}, {"type": "centos", "idList": ["CESA-2012:0019", "CESA-2012:0033", "CESA-2012:0071", "CESA-2012:0092", "CESA-2012:0093"]}, {"type": "cert", "idList": ["VU:903934"]}, {"type": "checkpoint_security", "idList": ["CPS:SK66350"]}, {"type": "cve", "idList": ["CVE-2011-4885"]}, {"type": "exploitdb", "idList": ["EDB-ID:18296"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B8DA2EAADC9FCF2EF821731BB51E75E7"]}, {"type": "f5", "idList": ["SOL13519", "SOL13588"]}, {"type": "fedora", "idList": ["FEDORA:4930D21410"]}, {"type": "freebsd", "idList": ["D3921810-3C80-11E1-97E8-00215C6A37BB"]}, {"type": "gentoo", "idList": ["GLSA-201209-03"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/APPLE-OSX-LOGINWINDOW-CVE-2011-4885/", "MSF:ILITIES/APPLE-OSX-PHP-CVE-2011-4885/"]}, {"type": "nessus", "idList": ["6263.PRM", "GENTOO_GLSA-201209-03.NASL", "OPENSUSE-2012-182.NASL", "ORACLELINUX_ELSA-2012-0033.NASL", "ORACLELINUX_ELSA-2012-0071.NASL", "REDHAT-RHSA-2012-0019.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310110012", "OPENVAS:1361412562310122011", "OPENVAS:1361412562310863706", "OPENVAS:1361412562310863740", "OPENVAS:1361412562310870533", "OPENVAS:1361412562310870542", "OPENVAS:1361412562310881147", "OPENVAS:70716", "OPENVAS:70717", "OPENVAS:870531", "OPENVAS:870542"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2012-392727"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0033"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:108294"]}, {"type": "redhat", "idList": ["RHSA-2012:0071"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12518"]}, {"type": "seebug", "idList": ["SSV:72458"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2012:0426-1"]}, {"type": "ubuntu", "idList": ["USN-1358-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2011-4885"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2011-4885", "epss": 0.88298, "percentile": 0.98134, "modified": "2023-05-07"}], "vulnersScore": 2.4}, "_state": {"dependencies": 1685635868, "score": 1685629957, "epss": 0}, "_internal": {"score_hash": "a805518ec9587ecc3b8cfe39b6db0c6d"}, "pluginID": "57557", "sourceData": "Binary data php_5_hash_collision_dos.nbin", "naslFamily": "CGI abuses", "cpe": ["cpe:/a:php:php"], "solution": "Upgrade to PHP 5.3.9 or later.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vendor_cvss2": {"score": 5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "vendor_cvss3": {"score": null, "vector": null}, "vpr": {"risk factor": "Medium", "score": "5.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2012-01-11T00:00:00", "vulnerabilityPublicationDate": "2011-12-28T00:00:00", "exploitableWith": ["Core Impact", "Metasploit(Hashtable Collisions)"]}
PHP Version 5 Hash Collision Form Parameter Parsing Remote DoS