Summary
The host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted request.
Impact Level: Application.
Solution
Upgrade Apache Tomcat to 5.5.35, 6.0.34, 7.0.23 or later. For updates, refer to http://tomcat.apache.org/
Insight
The flaw is due to improper handling of large numbers of parameters and parameter values, which allows attackers to cause a denial of service via a crafted request that contains many parameters and parameter values.
Affected
Apache Tomcat 5.5.x to 5.5.34, 6.x to 6.0.33 and 7.x to 7.0.22 on Windows.
Severity
Classification
- CVE: CVE-2012-0022
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)