Mandriva Update For Tomcat5 MDVSA-2012:085 (tomcat5) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been discovered and corrected in tomcat5: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858 (CVE-2012-0022). The updated packages have been patched to correct this issue.

Affected

tomcat5 on Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2011-4858, CVE-2012-0022

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:126 (eggdrop)
Mandrake Security Advisory MDVSA-2009:155 (git)
Mandrake Security Advisory MDVSA-2009:157 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:124 (apache)

Mandriva Update for tomcat5 MDVSA-2012:085 (tomcat5)

Take action and discover your vulnerabilities