CVE-2012-0022

Vincent (CVE) Danen's picture
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Details Source

Mitre

Public Date

2012-01-17 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-0022 tomcat: large number of parameters DoS

Bugzilla ID

783359

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat JBoss SOA Platform 5.2 | RHSA-2012:0325 | 2012-02-22 |
| Red Hat JBoss Portal 5.2 | RHSA-2012:0325 | 2012-02-22 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server (tomcat6) | RHSA-2012:0682 | 2012-05-21 |
| Red Hat Enterprise Linux 6 (tomcat6) | RHSA-2012:0475 | 2012-04-11 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (jbossweb) | RHSA-2012:0074 | 2012-01-31 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS (jbossweb) | RHSA-2012:0074 | 2012-01-31 |
| Red Hat JBoss Portal 4.3 | RHSA-2012:0345 | 2012-03-01 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (jbossweb) | RHSA-2012:0074 | 2012-01-31 |
| JBoss Communications Platform 5.1 | RHSA-2012:0078 | 2012-01-31 |
| Red Hat JBoss Web Platform 5.1 | RHSA-2012:0077 | 2012-01-31 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 Server (tomcat5) | RHSA-2012:0680 | 2012-05-21 |
| JBoss Enterprise BRMS Platform 5.1 | RHSA-2012:0325 | 2012-02-22 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS (jbossweb) | RHSA-2012:0076 | 2012-01-31 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:0681 | 2012-05-21 |
| Red Hat JBoss Operations Network 3.1 | RHSA-2012:1331 | 2012-10-03 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2012:0474 | 2012-04-11 |
| Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2012:0075 | 2012-01-31 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:0679 | 2012-05-21 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server (jbossweb) | RHSA-2012:0076 | 2012-01-31 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat6) | RHSA-2012:0682 | 2012-05-21 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server (tomcat5) | RHSA-2012:0680 | 2012-05-21 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server (jbossweb) | RHSA-2012:0076 | 2012-01-31 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Satellite 5.4 | tomcat5 | Affected |
| Red Hat Certificate System 7.3 for 4AS | Tomcat | Will not fix |