Lucene search
RootSSV:30033HistoryJan 18, 2012 - 12:00 a.m.
Apache Tomcat Large Number Denial Of Service
2012-01-1800:00:00
Root
www.seebug.org
22
0.07 Low
EPSS
Percentile
93.3%
No description provided by source.
CVE-2012-0022 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.22
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.34
- Earlier, unsupported versions may also be affected
Description:
Analysis of the recent hash collision vulnerability identified unrelated
inefficiencies with Apache Tomcat's handling of large numbers of
parameters and parameter values. These inefficiencies could allow an
attacker, via a specially crafted request, to cause large amounts of CPU
to be used which in turn could create a denial of service.
The issue was addressed by modifying the Tomcat parameter handling code
to efficiently process large numbers of parameters and parameter values.
Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.23 or later
- Tomcat 6.0.x users should upgrade to 6.0.35 or later
- Tomcat 5.5.x users should upgrade to 5.5.35 or later
Credit:
The inefficiencies in handling large numbers of parameters were
identified by the Apache Tomcat security team.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
Related
redhat
redhat
(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update
2012-10-03 15:08:03
(RHSA-2012:0474) Moderate: tomcat5 security update
2012-04-11 00:00:00
(RHSA-2012:0475) Moderate: tomcat6 security update
2012-04-11 00:00:00
openvas
openvas
Apache Tomcat Parameter Handling Denial of Service Vulnerability (Windows)
2012-01-20 00:00:00
CentOS Update for tomcat6 CESA-2012:0475 centos6
2012-07-30 00:00:00
RedHat Update for tomcat5 RHSA-2012:0474-01
2012-04-13 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 5.5.35
2012-01-16 00:00:00
Fixed in Apache Tomcat 7.0.23
2011-11-25 00:00:00
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
nessus
nessus
FreeBSD : tomcat -- Denial of Service (7f5ccb1d-439b-11e1-bc16-0023ae8e59f0)
2012-01-23 00:00:00
Apache Tomcat 7.x < 7.0.23 Hash Collision DoS
2012-01-13 00:00:00
freebsd
freebsd
tomcat -- Denial of Service
2011-10-21 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-20 00:00:00
VMWare applications multiple security vulnerabilities
2012-03-20 00:00:00
debiancve
debiancve
CVE-2012-0022
2012-01-19 04:01:00
oraclelinux
oraclelinux
tomcat6 security update
2012-04-11 00:00:00
tomcat5 security update
2012-04-11 00:00:00
cve
cve
CVE-2012-0022
2012-01-19 04:01:00
github
github
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
prion
prion
Design/Logic Flaw
2012-01-19 04:01:00
centos
centos
tomcat5 security update
2012-04-11 19:16:37
tomcat6 security update
2012-04-11 20:13:41
osv
osv
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
tomcat6 - several
2012-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-4858
2012-01-05 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2012-02-13 00:00:00
vmware
vmware
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
ibm
ibm
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00