CVE-2012-0022
Priority
Medium
Description
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23
uses an inefficient approach for handling parameters, which allows remote
attackers to cause a denial of service (CPU consumption) via a request that
contains many parameters and parameter values, a different vulnerability
than CVE-2011-4858.
uses an inefficient approach for handling parameters, which allows remote
attackers to cause a denial of service (CPU consumption) via a request that
contains many parameters and parameter values, a different vulnerability
than CVE-2011-4858.
References
Bugs
Notes
mdeslaur> upstream bug says last commit isn't in 6.0.35.
Assigned-to
mdeslaur
Package
| Upstream: | released (7.0.23) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | released (7.0.21-1ubuntu0.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (7.0.26-1ubuntu1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (7.0.29-0ubuntu1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (7.0.29-0ubuntu1) |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (6.0.24-2ubuntu1.10) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (6.0.32-5ubuntu1.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (6.0.35-1ubuntu1) |
| Ubuntu 12.10 (Quantal Quetzal): | released (6.0.35-1ubuntu1) |
| Ubuntu 13.04 (Raring Ringtail): | released (6.0.35-1ubuntu1) |
Patches:
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
| Ubuntu 12.04 LTS (Precise Pangolin): | DNE |
| Ubuntu 12.10 (Quantal Quetzal): | DNE |
| Ubuntu 13.04 (Raring Ringtail): | DNE |