Unrated severityNVD Advisory· Published Dec 30, 2011· Updated Apr 29, 2026
CVE-2011-4885
CVE-2011-4885
Description
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Affected products
45cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 44 more
- cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: <=5.3.8
- cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
27- www.kb.cert.org/vuls/id/903934nvdUS Government Resource
- archives.neohapsis.com/archives/bugtraq/2011-12/0181.htmlnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.apple.com/archives/security-announce/2012/May/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.htmlnvd
- marc.infonvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2012-0071.htmlnvd
- secunia.com/advisories/47404nvd
- secunia.com/advisories/48668nvd
- support.apple.com/kb/HT5281nvd
- svn.php.net/viewvcnvd
- svn.php.net/viewvcnvd
- www.debian.org/security/2012/dsa-2399nvd
- www.exploit-db.com/exploits/18296nvd
- www.exploit-db.com/exploits/18305nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.nruns.com/_downloads/advisory28122011.pdfnvd
- www.ocert.org/advisories/ocert-2011-003.htmlnvd
- www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlnvd
- www.redhat.com/support/errata/RHSA-2012-0019.htmlnvd
- www.securityfocus.com/bid/51193nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72021nvd
- github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.pynvd
News mentions
0No linked articles in our index yet.