Vulnerability Description
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 5.5.0 |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html
- http://marc.info/?l=bugtraq&m=132871655717248&w=2
- http://marc.info/?l=bugtraq&m=133294394108746&w=2
- http://marc.info/?l=bugtraq&m=136485229118404&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0074.html
- http://rhn.redhat.com/errata/RHSA-2012-0075.html
- http://rhn.redhat.com/errata/RHSA-2012-0076.html
- http://rhn.redhat.com/errata/RHSA-2012-0077.html
- http://rhn.redhat.com/errata/RHSA-2012-0078.html
- http://rhn.redhat.com/errata/RHSA-2012-0325.html
- http://rhn.redhat.com/errata/RHSA-2012-0345.html
- http://rhn.redhat.com/errata/RHSA-2012-1331.html
- http://secunia.com/advisories/48213
- http://secunia.com/advisories/48549
- http://secunia.com/advisories/48790
FAQ
What is CVE-2012-0022?
CVE-2012-0022 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consum...
How severe is CVE-2012-0022?
CVE-2012-0022 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-0022?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.