Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
Apache Tomcat 5.5.34, 6.0.34, 7.0.22; and prior versions
A remote user can cause performance to degrade on the target server.
A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions. A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance degradation on the target server.
The vulnerability is caused by an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in an HTTP POST request.
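
A defensive check for the condition described above, as an added example that is not part of the original advisory or of Tomcat's code: it groups the parameter names of a captured form body by Java's String.hashCode() and flags bodies in which one hash value dominates. It assumes the server's parameter table is keyed by that hash; the function names, thresholds and sample bodies are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def java_string_hash(s: str) -> int:
    """Java String.hashCode(): h = 31*h + UTF-16 code unit, wrapped to 32 bits."""
    h = 0
    units = s.encode("utf-16-be", "surrogatepass")
    for i in range(0, len(units), 2):
        h = (31 * h + int.from_bytes(units[i:i + 2], "big")) & 0xFFFFFFFF
    return h


def collision_report(body: str, min_params: int = 4, max_share: float = 0.5) -> dict:
    """Group distinct parameter names by hash and flag a dominant group.

    min_params and max_share are illustrative thresholds (assumptions).
    """
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    if not names:
        return {"params": 0, "largest_group": 0, "suspicious": False}
    groups = Counter(java_string_hash(n) for n in names)
    largest = max(groups.values())
    suspicious = len(names) >= min_params and largest / len(names) >= max_share
    return {"params": len(names), "largest_group": largest, "suspicious": suspicious}


# Constructed sample bodies (not taken from the advisory).
BENIGN = "user=alice&email=a%40example.test&comment=hello&page=2"
CLUSTERED = "AaAa=1&AaBB=2&BBAa=3&BBBB=4&note=x"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("clustered", CLUSTERED)):
        print(label, collision_report(body))
```

Large legitimate forms will contain a few chance collisions, so the check keys on the share of names in the largest group rather than on the presence of any collision.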