Ubuntu.comUB:CVE-2012-0022CVE-2012-0022
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.651 Medium
EPSS
Percentile
97.9%
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23
uses an inefficient approach for handling parameters, which allows remote
attackers to cause a denial of service (CPU consumption) via a request that
contains many parameters and parameter values, a different vulnerability
than CVE-2011-4858.
Bugs
- <https://issues.apache.org/bugzilla/show_bug.cgi?id=52384>
- <https://bugzilla.redhat.com/show_bug.cgi?id=783359>
Notes
| Author | Note |
|---|---|
| mdeslaur | upstream bug says last commit isn’t in 6.0.35. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | tomcat6 | < 6.0.24-2ubuntu1.10 | UNKNOWN |
| ubuntu | 10.10 | noarch | tomcat6 | < 6.0.28-2ubuntu1.6 | UNKNOWN |
| ubuntu | 11.04 | noarch | tomcat6 | < 6.0.28-10ubuntu2.3 | UNKNOWN |
| ubuntu | 11.10 | noarch | tomcat6 | < 6.0.32-5ubuntu1.2 | UNKNOWN |
| ubuntu | 12.04 | noarch | tomcat6 | < 6.0.35-1ubuntu1 | UNKNOWN |
| ubuntu | 12.10 | noarch | tomcat6 | < 6.0.35-1ubuntu1 | UNKNOWN |
| ubuntu | 11.10 | noarch | tomcat7 | < 7.0.21-1ubuntu0.1 | UNKNOWN |
References
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security.html
launchpad.net/bugs/cve/CVE-2012-0022
nvd.nist.gov/vuln/detail/CVE-2012-0022
security-tracker.debian.org/tracker/CVE-2012-0022
ubuntu.com/security/notices/USN-1359-1
www.cve.org/CVERecord?id=CVE-2012-0022
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.651 Medium
EPSS
Percentile
97.9%