CVE-2012-0022

Published: Jan 19, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Affected (90)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 5.5.0
Apache Tomcat	Version 5.5.10
Apache Tomcat	Version 5.5.11
Apache Tomcat	Version 5.5.12
Apache Tomcat	Version 5.5.13
Apache Tomcat	Version 5.5.14
Apache Tomcat	Version 5.5.15
Apache Tomcat	Version 5.5.16
Apache Tomcat	Version 5.5.17
Apache Tomcat	Version 5.5.18
Apache Tomcat	Version 5.5.19
Apache Tomcat	Version 5.5.1
Apache Tomcat	Version 5.5.20
Apache Tomcat	Version 5.5.21
Apache Tomcat	Version 5.5.22
Apache Tomcat	Version 5.5.23
Apache Tomcat	Version 5.5.24
Apache Tomcat	Version 5.5.25
Apache Tomcat	Version 5.5.26
Apache Tomcat	Version 5.5.27
Apache Tomcat	Version 5.5.28
Apache Tomcat	Version 5.5.29
Apache Tomcat	Version 5.5.2
Apache Tomcat	Version 5.5.30
Apache Tomcat	Version 5.5.31
Apache Tomcat	Version 5.5.32
Apache Tomcat	Version 5.5.33
Apache Tomcat	Version 5.5.34
Apache Tomcat	Version 5.5.3
Apache Tomcat	Version 5.5.4
Apache Tomcat	Version 5.5.5
Apache Tomcat	Version 5.5.6
Apache Tomcat	Version 5.5.7
Apache Tomcat	Version 5.5.8
Apache Tomcat	Version 5.5.9

Configuration B

31 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.12
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.15
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.17
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.19
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.27
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.31
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.3
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.5
Apache Tomcat	Version 6.0.6
Apache Tomcat	Version 6.0.7
Apache Tomcat	Version 6.0.8
Apache Tomcat	Version 6.0.9
Apache Tomcat	Version 6.0

Configuration C

24 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 7.0.0
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.13
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.15
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.17
Apache Tomcat	Version 7.0.18
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.1
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.2
Apache Tomcat	Version 7.0.3
Apache Tomcat	Version 7.0.4
Apache Tomcat	Version 7.0.5
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 7.0.7
Apache Tomcat	Version 7.0.8
Apache Tomcat	Version 7.0.9

Related CWEs

CWE-189

References (64)

http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=132871655717248&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=133294394108746&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=136485229118404&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0074.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0075.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0076.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0077.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0078.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0325.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0345.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1331.html

Source: secalert@redhat.com

http://secunia.com/advisories/48213

Source: secalert@redhat.com

http://secunia.com/advisories/48549

Source: secalert@redhat.com

http://secunia.com/advisories/48790

Source: secalert@redhat.com

http://secunia.com/advisories/48791

Source: secalert@redhat.com

http://secunia.com/advisories/50863

Source: secalert@redhat.com

http://tomcat.apache.org/security-5.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2012/dsa-2401

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2012:085

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/51447

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/72425

Source: secalert@redhat.com

https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.html