FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- Denial of Service

Affected packages
5.5.0 < tomcat < 5.5.35
6.0.0 < tomcat < 6.0.34
7.0.0 < tomcat < 7.0.23

Details

VuXML ID 7f5ccb1d-439b-11e1-bc16-0023ae8e59f0
Discovery 2011-10-21
Entry 2012-01-17

The Tomcat security team reports:

Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.

References

CVE Name CVE-2012-0022
URL http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.35
URL http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34
URL http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.23