tomcat -- Denial of Service

2011-10-21T00:00:00
ID 7F5CCB1D-439B-11E1-BC16-0023AE8E59F0
Type freebsd
Reporter FreeBSD
Modified 2011-10-21T00:00:00

Description

The Tomcat security team reports:

Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.