CVE-2012-0022

Priority
Medium
Description
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23
uses an inefficient approach for handling parameters, which allows remote
attackers to cause a denial of service (CPU consumption) via a request that
contains many parameters and parameter values, a different vulnerability
than CVE-2011-4858.
References
Bugs
Notes
 mdeslaur> upstream bug says last commit isn't in 6.0.35.
Assigned-to
mdeslaur
Package
Upstream:released (7.0.23)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (7.0.26-1ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (6.0.35-1ubuntu1)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1140904 (backporting)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1199122 (backporting)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1200601
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1206324
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1229027
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Updated: 2015-07-29 20:40:20 UTC (commit 9756)