CVE-2012-0022

First published: Thu Jan 19 2012(Updated: )

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Tomcat	=5.5.0
Apache Tomcat	=5.5.1
Apache Tomcat	=5.5.2
Apache Tomcat	=5.5.3
Apache Tomcat	=5.5.4
Apache Tomcat	=5.5.5
Apache Tomcat	=5.5.6
Apache Tomcat	=5.5.7
Apache Tomcat	=5.5.8
Apache Tomcat	=5.5.9
Apache Tomcat	=5.5.10
Apache Tomcat	=5.5.11
Apache Tomcat	=5.5.12
Apache Tomcat	=5.5.13
Apache Tomcat	=5.5.14
Apache Tomcat	=5.5.15
Apache Tomcat	=5.5.16
Apache Tomcat	=5.5.17
Apache Tomcat	=5.5.18
Apache Tomcat	=5.5.19
Apache Tomcat	=5.5.20
Apache Tomcat	=5.5.21
Apache Tomcat	=5.5.22
Apache Tomcat	=5.5.23
Apache Tomcat	=5.5.24
Apache Tomcat	=5.5.25
Apache Tomcat	=5.5.26
Apache Tomcat	=5.5.27
Apache Tomcat	=5.5.28
Apache Tomcat	=5.5.29
Apache Tomcat	=5.5.30
Apache Tomcat	=5.5.31
Apache Tomcat	=5.5.32
Apache Tomcat	=5.5.33
Apache Tomcat	=5.5.34
Apache Tomcat	=6.0
Apache Tomcat	=6.0.0
Apache Tomcat	=6.0.1
Apache Tomcat	=6.0.2
Apache Tomcat	=6.0.3
Apache Tomcat	=6.0.4
Apache Tomcat	=6.0.5
Apache Tomcat	=6.0.6
Apache Tomcat	=6.0.7
Apache Tomcat	=6.0.8
Apache Tomcat	=6.0.9
Apache Tomcat	=6.0.10
Apache Tomcat	=6.0.11
Apache Tomcat	=6.0.12
Apache Tomcat	=6.0.13
Apache Tomcat	=6.0.14
Apache Tomcat	=6.0.15
Apache Tomcat	=6.0.16
Apache Tomcat	=6.0.17
Apache Tomcat	=6.0.18
Apache Tomcat	=6.0.19
Apache Tomcat	=6.0.20
Apache Tomcat	=6.0.24
Apache Tomcat	=6.0.26
Apache Tomcat	=6.0.27
Apache Tomcat	=6.0.28
Apache Tomcat	=6.0.29
Apache Tomcat	=6.0.30
Apache Tomcat	=6.0.31
Apache Tomcat	=6.0.32
Apache Tomcat	=6.0.33
Apache Tomcat	=7.0.0
Apache Tomcat	=7.0.0-beta
Apache Tomcat	=7.0.1
Apache Tomcat	=7.0.2
Apache Tomcat	=7.0.3
Apache Tomcat	=7.0.4
Apache Tomcat	=7.0.5
Apache Tomcat	=7.0.6
Apache Tomcat	=7.0.7
Apache Tomcat	=7.0.8
Apache Tomcat	=7.0.9
Apache Tomcat	=7.0.10
Apache Tomcat	=7.0.11
Apache Tomcat	=7.0.12
Apache Tomcat	=7.0.13
Apache Tomcat	=7.0.14
Apache Tomcat	=7.0.15
Apache Tomcat	=7.0.16
Apache Tomcat	=7.0.17
Apache Tomcat	=7.0.18
Apache Tomcat	=7.0.19
Apache Tomcat	=7.0.20
Apache Tomcat	=7.0.21
Apache Tomcat	=7.0.22
maven/org.apache.tomcat:tomcat	>=7.0.0<7.0.23	7.0.23
maven/org.apache.tomcat:tomcat	>=6.0.0<6.0.34	6.0.34
maven/org.apache.tomcat:tomcat	>=5.5.0<5.5.35	5.5.35
redhat/tomcat5	<5.5.35	5.5.35
redhat/tomcat6	<6.0.35	6.0.35

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/first-publish-date
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-8h2q-qm9x-55jc
alias/CVE-2012-0022
agent/software-canonical-lookup
agent/weakness
agent/last-modified-date
agent/event
collector/nvd-cve
source/NVD
agent/author
collector/redhat-bugzilla
source/Red Hat
agent/severity
agent/references
agent/softwarecombine
agent/description
agent/tags
collector/github-advisory
vendor/apache
canonical/apache tomcat
version/apache tomcat/5.5.0
version/apache tomcat/5.5.1
version/apache tomcat/5.5.2
version/apache tomcat/5.5.3
version/apache tomcat/5.5.4
version/apache tomcat/5.5.5
version/apache tomcat/5.5.6
version/apache tomcat/5.5.7
version/apache tomcat/5.5.8
version/apache tomcat/5.5.9
version/apache tomcat/5.5.10
version/apache tomcat/5.5.11
version/apache tomcat/5.5.12
version/apache tomcat/5.5.13
version/apache tomcat/5.5.14
version/apache tomcat/5.5.15
version/apache tomcat/5.5.16
version/apache tomcat/5.5.17
version/apache tomcat/5.5.18
version/apache tomcat/5.5.19
version/apache tomcat/5.5.20
version/apache tomcat/5.5.21
version/apache tomcat/5.5.22
version/apache tomcat/5.5.23
version/apache tomcat/5.5.24
version/apache tomcat/5.5.25
version/apache tomcat/5.5.26
version/apache tomcat/5.5.27
version/apache tomcat/5.5.28
version/apache tomcat/5.5.29
version/apache tomcat/5.5.30
version/apache tomcat/5.5.31
version/apache tomcat/5.5.32
version/apache tomcat/5.5.33
version/apache tomcat/5.5.34
version/apache tomcat/6.0
version/apache tomcat/6.0.0
version/apache tomcat/6.0.1
version/apache tomcat/6.0.2
version/apache tomcat/6.0.3
version/apache tomcat/6.0.4
version/apache tomcat/6.0.5
version/apache tomcat/6.0.6
version/apache tomcat/6.0.7
version/apache tomcat/6.0.8
version/apache tomcat/6.0.9
version/apache tomcat/6.0.10
version/apache tomcat/6.0.11
version/apache tomcat/6.0.12
version/apache tomcat/6.0.13
version/apache tomcat/6.0.14
version/apache tomcat/6.0.15
version/apache tomcat/6.0.16
version/apache tomcat/6.0.17
version/apache tomcat/6.0.18
version/apache tomcat/6.0.19
version/apache tomcat/6.0.20
version/apache tomcat/6.0.24
version/apache tomcat/6.0.26
version/apache tomcat/6.0.27
version/apache tomcat/6.0.28
version/apache tomcat/6.0.29
version/apache tomcat/6.0.30
version/apache tomcat/6.0.31
version/apache tomcat/6.0.32
version/apache tomcat/6.0.33
version/apache tomcat/7.0.0
version/apache tomcat/7.0.0-beta
version/apache tomcat/7.0.1
version/apache tomcat/7.0.2
version/apache tomcat/7.0.3
version/apache tomcat/7.0.4
version/apache tomcat/7.0.5
version/apache tomcat/7.0.6
version/apache tomcat/7.0.7
version/apache tomcat/7.0.8
version/apache tomcat/7.0.9
version/apache tomcat/7.0.10
version/apache tomcat/7.0.11
version/apache tomcat/7.0.12
version/apache tomcat/7.0.13
version/apache tomcat/7.0.14
version/apache tomcat/7.0.15
version/apache tomcat/7.0.16
version/apache tomcat/7.0.17
version/apache tomcat/7.0.18
version/apache tomcat/7.0.19
version/apache tomcat/7.0.20
version/apache tomcat/7.0.21
version/apache tomcat/7.0.22
package-manager/maven
package-manager/redhat

CVE-2012-0022

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact