FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0022

This CVE name corresponds to:

Entered Topic
2012-01-17 tomcat -- Denial of Service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-0022
Phase Assigned (20111207)

Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

References

Source Reference
BUGTRAQ 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service
CONFIRM http://tomcat.apache.org/security-5.html
CONFIRM http://tomcat.apache.org/security-6.html
CONFIRM http://tomcat.apache.org/security-7.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
DEBIAN DSA-2401
HP HPSBUX02741
HP HPSBUX02860
HP SSRT101146
MANDRIVA MDVSA-2013:150
REDHAT RHSA-2012:0345
REDHAT RHSA-2012:1331
REDHAT RHSA-2012:0074
REDHAT RHSA-2012:0075
REDHAT RHSA-2012:0076
REDHAT RHSA-2012:0077
REDHAT RHSA-2012:0078
REDHAT RHSA-2012:0325
BID 51447
OVAL oval:org.mitre.oval:def:16925
OVAL oval:org.mitre.oval:def:18934
SECUNIA 48213
SECUNIA 48790
SECUNIA 48791
SECUNIA 50863
XF apache-tomcat-parameter-dos(72425)