Vulnerability Details : CVE-2011-4885
Public exploit exists!
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2011-4885
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
Threat overview for CVE-2011-4885
Top countries where our scanners detected CVE-2011-4885
Top open port discovered on systems with this issue
80
IPs affected by CVE-2011-4885 195,561
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2011-4885!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-4885
84.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-4885
-
Hashtable Collisions
Disclosure Date: 2011-12-28First seen: 2020-04-26auxiliary/dos/http/hashcollision_dosThis module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST paramete
CVSS scores for CVE-2011-4885
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-4885
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4885
-
http://marc.info/?l=bugtraq&m=133469208622507&w=2
'[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PH' - MARC
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
mandriva.com
-
http://www.nruns.com/_downloads/advisory28122011.pdf
Best 7 Best Internet Security Software in 2019
-
http://www.redhat.com/support/errata/RHSA-2012-0019.html
Support
-
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Apple - Lists.apple.com
-
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
[security-announce] openSUSE-SU-2012:0426-1: important: update for php5
-
http://support.apple.com/kb/HT5281
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support
-
http://rhn.redhat.com/errata/RHSA-2012-0071.html
RHSA-2012:0071 - Security Advisory - Red Hat Customer Portal
-
http://www.kb.cert.org/vuls/id/903934
VU#903934 - Hash table implementations vulnerable to algorithmic complexity attacksUS Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72021
PHP hash denial of service CVE-2011-4885 Vulnerability Report
-
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
-
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Oracle Critical Patch Update - July 2012
-
http://www.ocert.org/advisories/ocert-2011-003.html
oCERT archive
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
mandriva.com
-
http://svn.php.net/viewvc?view=revision&revision=321003
PHP: Revision 321003
-
http://www.debian.org/security/2012/dsa-2399
Debian -- Security Information -- DSA-2399-2 php5
-
http://svn.php.net/viewvc?view=revision&revision=321040
PHP: Revision 321040
-
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
[security-announce] SUSE-SU-2012:0411-1: important: Security update for
-
http://marc.info/?l=bugtraq&m=132871655717248&w=2
'[security bulletin] HPSBUX02741 SSRT100728 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remot' - MARC
-
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
HashCollision-DOS-POC/HashtablePOC.py at master · FireFart/HashCollision-DOS-POC · GitHub
-
http://www.securitytracker.com/id?1026473
PHP Hash Table Collision Bug Lets Remote Users Deny Service - SecurityTracker
-
http://www.exploit-db.com/exploits/18305
PHP Hash Table Collision - Denial of Service (PoC) - PHP dos Exploit
-
http://www.securityfocus.com/bid/51193
PHP Web Form Hash Collision Denial Of Service Vulnerability
-
http://www.exploit-db.com/exploits/18296
PHP 5.3.8 - Hashtables Denial of Service - PHP dos Exploit
Jump to