Notified: November 01, 2011 Updated: November 01, 2011
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: December 28, 2011
Affected
No statement is currently available from the vendor regarding this vulnerability.
According to the n.runs AG advisory: "Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection."
Notified: November 01, 2011 Updated: November 01, 2011
Unknown
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: November 01, 2011 Updated: December 29, 2011
Affected
No statement is currently available from the vendor regarding this vulnerability.
Microsoft has released an update to the .NET Framework with Microsoft Security Bulletin MS11-100, which addresses this issue.
Notified: November 01, 2011 Updated: February 15, 2016
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
New information regarding this vulnerability in Java 8 was provided in Februrary 2016, which was sent to Oracle for review.
Notified: November 01, 2011 Updated: December 28, 2011
Affected
No statement is currently available from the vendor regarding this vulnerability.
According to the n.runs AG advisory: "CRuby and JRuby provide updates for this issue with a randomized hash function (CRuby 1.8.7-p357, JRuby 1.6.5.1, CVE-2011-4815)."
Updated: December 28, 2011
Affected
No statement is currently available from the vendor regarding this vulnerability.
According to the n.runs AG advisory: "PHP 5 uses the DJBX33A (Dan Bernstein's times 33, addition) hash function and parses POST form data into the $_POST hash table. Because of the structure of the hash function, it is vulnerable to an equivalent substring attack." From the Workarounds section: "The easiest way to reduce the impact of such an attack is to reduce the CPU time that a request is allowed to take. For PHP, this can be configured using the max_input_time parameter." PHP 5.4.0 RC4 has been released which adds a max_input_vars directive to help mitigate hash collision attacks. Please note that this is a release candidate, not a stable release.