CVE-2012-0022

Priority
Medium
Description
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23
uses an inefficient approach for handling parameters, which allows remote
attackers to cause a denial of service (CPU consumption) via a request that
contains many parameters and parameter values, a different vulnerability
than CVE-2011-4858.
References
Bugs
Notes
mdeslaur> upstream bug says last commit isn't in 6.0.35.
Assigned-to
mdeslaur
Package
Upstream: released (7.0.23)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.10 (Oneiric Ocelot): released (7.0.21-1ubuntu0.1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (7.0.26-1ubuntu1)
Ubuntu 12.10 (Quantal Quetzal): not-affected (7.0.29-0ubuntu1)
Ubuntu 13.04 (Raring Ringtail): not-affected (7.0.29-0ubuntu1)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (6.0.24-2ubuntu1.10)
Ubuntu 11.10 (Oneiric Ocelot): released (6.0.32-5ubuntu1.2)
Ubuntu 12.04 LTS (Precise Pangolin): released (6.0.35-1ubuntu1)
Ubuntu 12.10 (Quantal Quetzal): released (6.0.35-1ubuntu1)
Ubuntu 13.04 (Raring Ringtail): released (6.0.35-1ubuntu1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1140904 (backporting)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1199122 (backporting)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1200601
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1206324
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1229027
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.10 (Oneiric Ocelot): DNE
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): DNE
Ubuntu 13.04 (Raring Ringtail): DNE
More Information


Updated: 2013-03-16 08:15:00 UTC (commit 6595)