CVE-2012-0022

Denial of Service in Apache Tomcat in maven/org.apache.tomcat/tomcat

Identifiers

GHSA-8h2q-qm9x-55jc, CVE-2012-0022

Package Slug

maven/org.apache.tomcat/tomcat

Vulnerability

Denial of Service in Apache Tomcat

Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Affected Versions

All versions starting from 5.5.0 before 5.5.35, all versions starting from 6.0.0 before 6.0.34, all versions starting from 7.0.0 before 7.0.23

Solution

Upgrade to versions 5.5.35, 6.0.34, 7.0.23 or above.

Last Modified

2022-07-25
