Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-8H2Q-QM9X-55JC
HistoryMay 04, 2022 - 12:27 a.m.

Denial of Service in Apache Tomcat

2022-05-0400:27:43
Google
osv.dev
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.9%

JSON

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

References

Related

openvas 24
nessus 31
prion 2
centos 2
redhat 11
cve 3
github 2
debiancve 2
oraclelinux 2
ubuntucve 2
ubuntu 1
osv 2
checkpoint_advisories 1
seebug 2
tomcat 3
freebsd 1
securityvulns 6
ibm 7
debian 1
exploitpack 1
exploitdb 1
vmware 2
gentoo 1
oracle 1
openvas
openvas
CentOS Update for tomcat6 CESA-2012:0475 centos6
2012-07-30 00:00:00
RedHat Update for tomcat5 RHSA-2012:0474-01
2012-04-13 00:00:00
RedHat Update for tomcat6 RHSA-2012:0475-01
2012-07-09 00:00:00
nessus
nessus
Apache Tomcat 7.x < 7.0.23 Hash Collision DoS
2012-01-13 00:00:00
Oracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)
2015-01-19 00:00:00
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)
2012-05-31 00:00:00
prion
prion
Design/Logic Flaw
2012-01-19 04:01:00
Code injection
2012-01-05 19:55:00
centos
centos
tomcat5 security update
2012-04-11 19:16:37
tomcat6 security update
2012-04-11 20:13:41
redhat
redhat
(RHSA-2012:0474) Moderate: tomcat5 security update
2012-04-11 00:00:00
(RHSA-2012:0475) Moderate: tomcat6 security update
2012-04-11 00:00:00
(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update
2012-10-03 15:08:03
cve
cve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-4858
2012-01-05 19:55:00
CVE-2011-4084
2011-12-30 01:55:00
github
github
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
debiancve
debiancve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-4858
2012-01-05 19:55:00
oraclelinux
oraclelinux
tomcat6 security update
2012-04-11 00:00:00
tomcat5 security update
2012-04-11 00:00:00
ubuntucve
ubuntucve
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-4858
2012-01-05 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2012-02-13 00:00:00
osv
osv
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
tomcat6 - several
2012-02-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)
2014-04-16 00:00:00
seebug
seebug
Apache Tomcat Large Number Denial Of Service
2012-01-18 00:00:00
PHP Hash Table Collision Proof Of Concept
2014-07-01 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.35
2012-01-16 00:00:00
Fixed in Apache Tomcat 7.0.23
2011-11-25 00:00:00
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
freebsd
freebsd
tomcat -- Denial of Service
2011-10-21 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service &#40;DoS&#41;, Unauthorized Access, Execution of Arbitrary Code
2013-07-29 00:00:00
VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-20 00:00:00
ibm
ibm
Security Bulletin: Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-25 21:06:56
Security Bulletin: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
2022-09-26 03:29:56
Security Bulletin: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-26 22:21:32
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
exploitpack
exploitpack
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
exploitdb
exploitdb
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
vmware
vmware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.9%

JSON
Related for OSV:GHSA-8H2Q-QM9X-55JC
openvas24nessus31prion2centos2redhat11cve3github2debiancve2oraclelinux2ubuntucve2ubuntu1osv2checkpoint_advisories1seebug2tomcat3freebsd1securityvulns6ibm7debian1exploitpack1exploitdb1vmware2gentoo1oracle1