
Fixed in Apache Tomcat 5.5.35

Description

**Important: Denial of service** [CVE-2012-0022](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022>)

Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used, which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.

This was fixed in revisions [1221282](<https://svn.apache.org/viewvc?view=rev&rev=1221282>), [1224640](<https://svn.apache.org/viewvc?view=rev&rev=1224640>) and [1228191](<https://svn.apache.org/viewvc?view=rev&rev=1228191>).

This was identified by the Tomcat security team on 21 October 2011 and made public on 17 January 2012.

Affects: 5.5.0-5.5.34


Affected Software


CPE Name Name Version
apache tomcat 5.5.0
apache tomcat 5.5.34
