Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-8H2Q-QM9X-55JC
HistoryMay 04, 2022 - 12:27 a.m.

Denial of Service in Apache Tomcat

2022-05-0400:27:43
GitHub Advisory Database
github.com
13

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.9%

JSON

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Affected configurations

Vulners
Node
github_advisory_databaseorg.apache.tomcat\Matchtomcat
OR
github_advisory_databaseorg.apache.tomcat\Matchtomcat
OR
github_advisory_databaseorg.apache.tomcat\Matchtomcat

References

Related

openvas 28
centos 2
prion 2
oraclelinux 2
nessus 31
debiancve 2
cvelist 2
nvd 3
ubuntucve 2
osv 3
cve 3
redhat 11
ubuntu 1
checkpoint_advisories 1
github 1
tomcat 3
seebug 2
freebsd 1
securityvulns 6
ibm 7
debian 1
exploitpack 1
exploitdb 1
vmware 2
gentoo 1
oracle 1
openvas
openvas
FreeBSD Ports: tomcat
2012-02-12 00:00:00
CentOS Update for tomcat5 CESA-2012:0474 centos5
2012-07-30 00:00:00
Apache Tomcat 5.5.x < 5.5.35, 7.0.x < 7.0.23 DoS Vulnerability - Linux
2021-10-29 00:00:00
centos
centos
tomcat5 security update
2012-04-11 19:16:37
tomcat6 security update
2012-04-11 20:13:41
prion
prion
Design/Logic Flaw
2012-01-19 04:01:00
Code injection
2012-01-05 19:55:00
oraclelinux
oraclelinux
tomcat6 security update
2012-04-11 00:00:00
tomcat5 security update
2012-04-11 00:00:00
nessus
nessus
Oracle Linux 5 : tomcat5 (ELSA-2012-0474)
2013-07-12 00:00:00
Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service
2012-01-13 00:00:00
RHEL 6 : tomcat6 (RHSA-2012:0475)
2012-04-12 00:00:00
debiancve
debiancve
CVE-2012-0022
2012-01-19 04:01:00
CVE-2011-4858
2012-01-05 19:55:00
cvelist
cvelist
CVE-2012-0022
2012-01-19 02:00:00
CVE-2011-4858
2012-01-05 19:00:00
nvd
nvd
CVE-2012-0022
2012-01-19 04:01:16
CVE-2011-4858
2012-01-05 19:55:01
CVE-2011-4084
2011-12-30 01:55:01
ubuntucve
ubuntucve
CVE-2012-0022
2012-01-18 00:00:00
CVE-2011-4858
2012-01-05 00:00:00
osv
osv
Denial of Service in Apache Tomcat
2022-05-04 00:27:43
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
tomcat6 - several
2012-02-02 00:00:00
cve
cve
CVE-2012-0022
2012-01-19 04:01:16
CVE-2011-4858
2012-01-05 19:55:01
CVE-2011-4084
2011-12-30 01:55:01
redhat
redhat
(RHSA-2012:0474) Moderate: tomcat5 security update
2012-04-11 00:00:00
(RHSA-2012:0475) Moderate: tomcat6 security update
2012-04-11 00:00:00
(RHSA-2012:1331) Moderate: JBoss Operations Network 3.1.1 update
2012-10-03 15:08:03
ubuntu
ubuntu
Tomcat vulnerabilities
2012-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Parameter Hash Collision Denial of Service - Ver2 (CVE-2011-4858)
2014-04-16 00:00:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 03:52:45
tomcat
tomcat
Fixed in Apache Tomcat 7.0.23
2011-11-25 00:00:00
Fixed in Apache Tomcat 5.5.35
2012-01-16 00:00:00
Fixed in Apache Tomcat 6.0.35
2011-12-05 00:00:00
seebug
seebug
Apache Tomcat Large Number Denial Of Service
2012-01-18 00:00:00
PHP Hash Table Collision Proof Of Concept
2014-07-01 00:00:00
freebsd
freebsd
tomcat -- Denial of Service
2011-10-21 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2012-01-20 00:00:00
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service &#40;DoS&#41;, Unauthorized Access, Execution of Arbitrary Code
2013-07-29 00:00:00
HP Network Node Manager multiple security vulnerabilities
2013-07-29 00:00:00
ibm
ibm
Security Bulletin: Tivoli Workload Dynamic Console Vulnerability exposure in Tivoli Integrated Portal component
2022-09-26 03:29:56
Security Bulletin: Tivoli Key Lifecycle Manager can be affected by multiple vulnerabilities in Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-25 21:06:56
Security Bulletin: Tivoli Storage Productivity Center, multiple security vulnerabilities in IBM Tivoli Integrated Portal (CVE-2013-0464, CVE-2012-3325, CVE-2011-4858)
2022-09-26 22:21:32
debian
debian
[SECURITY] [DSA 2401-1] tomcat6 security update
2012-02-02 19:29:50
exploitpack
exploitpack
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
exploitdb
exploitdb
PHP Hash Table Collision - Denial of Service (PoC)
2012-01-03 00:00:00
vmware
vmware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
2012-03-15 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2013
2013-01-15 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.9%

JSON
Related for GHSA-8H2Q-QM9X-55JC
openvas28centos2prion2oraclelinux2nessus31debiancve2cvelist2nvd3ubuntucve2osv3cve3redhat11ubuntu1checkpoint_advisories1github1tomcat3seebug2freebsd1securityvulns6ibm7debian1exploitpack1exploitdb1vmware2gentoo1oracle1