Description

The following problems were fixed in Apache Tomcat version 7.0.23:

  • Important: Denial of service CVE-2012-0022
    Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.


Affected Apache Tomcat versions (7.0.0 - 7.0.22).

Remediation

Upgrade to the latest version of Apache Tomcat.

References

CVE-2012-0022

Apache Tomcat 7.x vulnerabilities

Related Vulnerabilities

WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (0.4.4)

WordPress Plugin GD Star Rating 'de' Parameter SQL Injection (1.9.10)

ZenCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2005-3996)

PHP Out-of-bounds Read Vulnerability (CVE-2018-20783)

MySQL CVE-2020-14791 Vulnerability (CVE-2020-14791)

Severity

High

Classification

CVE-2012-0022 CWE-189 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Denial Of Service Missing Update