CVE-2011-4885
Published: 29 December 2011
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Priority
Status
Package | Release | Status |
---|---|---|
php5 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.3.9)
|
Patches: Upstream: http://svn.php.net/viewvc?view=revision&revision=321003 Upstream: http://svn.php.net/viewvc?view=revision&revision=321040 |