CVE-2012-0022
Published: 18 January 2012
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Notes
Author | Note |
---|---|
mdeslaur | upstream bug says last commit isn't in 6.0.35. |
Priority
Status
Package | Release | Status |
---|---|---|
tomcat5.5 Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
tomcat6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(6.0.24-2ubuntu1.10)
|
|
maverick |
Released
(6.0.28-2ubuntu1.6)
|
|
natty |
Released
(6.0.28-10ubuntu2.3)
|
|
oneiric |
Released
(6.0.32-5ubuntu1.2)
|
|
precise |
Released
(6.0.35-1ubuntu1)
|
|
quantal |
Released
(6.0.35-1ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1140904 (backporting) upstream: http://svn.apache.org/viewvc?view=revision&revision=1199122 (backporting) upstream: http://svn.apache.org/viewvc?view=revision&revision=1200601 upstream: http://svn.apache.org/viewvc?view=revision&revision=1206324 upstream: http://svn.apache.org/viewvc?view=revision&revision=1229027 |
||
tomcat7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Released
(7.0.21-1ubuntu0.1)
|
|
precise |
Not vulnerable
(7.0.26-1ubuntu1)
|
|
quantal |
Not vulnerable
(7.0.29-0ubuntu1)
|
|
upstream |
Released
(7.0.23)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
- http://tomcat.apache.org/security.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-5.html
- https://ubuntu.com/security/notices/USN-1359-1
- NVD
- Launchpad
- Debian