Description

The following problems were fixed in Apache Tomcat version 7.0.23:

  • Important: Denial of service CVE-2012-0022
    Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.


Affected Apache Tomcat versions (7.0.0 - 7.0.22).

Remediation

Upgrade to the latest version of Apache Tomcat.

References

CVE-2012-0022

Apache Tomcat 7.x vulnerabilities

Related Vulnerabilities

WordPress Plugin Hungred Post Thumbnail 'hpt_file_upload.php' Arbitrary File Upload (2.1.9)

Ruby Resource Management Errors Vulnerability (CVE-2014-6438)

WebLogic Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-2725)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145)

WordPress Plugin Testimonials Widget Cross-Site Scripting (3.5.1)

Severity

High

Classification

CVE-2012-0022 CWE-189 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Denial Of Service Missing Update