CVE-2012-0022Stack-based Buffer Overflow in Apache Tomcat

CWE-121Stack-based Buffer Overflow11 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
23.4%
top 4.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedJan 19
Latest updateMay 4

Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat89 versions+88

🔴Vulnerability Details

3
OSV
Denial of Service in Apache Tomcat2022-05-04
GHSA
Denial of Service in Apache Tomcat2022-05-04
CVEList
CVE-2012-0022: Apache Tomcat 52012-01-19

📋Vendor Advisories

4
Ubuntu
Tomcat vulnerabilities2012-02-13
Red Hat
tomcat: large number of parameters DoS2012-01-17
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()2011-04-13
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()2011-04-13

💬Community

3
Bugzilla
CVE-2012-0022 tomcat: large number of parameters DoS [fedora-16]2012-01-22
Bugzilla
CVE-2012-0022 tomcat6: large number of parameters DoS [fedora-all]2012-01-22
Bugzilla
CVE-2012-0022 tomcat: large number of parameters DoS2012-01-20
CVE-2012-0022 — Stack-based Buffer Overflow in Apache | cvebase