CVE-2012-0022
published 2012-01-19CVE-2012-0022: Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers…
PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
10.86%
95.3th percentile
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Affected
94 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
ghsa5.0MEDIUM
osv5.0MEDIUM
vendor_redhat7.5HIGH
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VMware
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
vendor_vmware·2012-03-15·CVSS 7.2
CVE-2010-0405 [HIGH] VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
VMSA-2012-0005: VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi and ESX address several security issues
a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 do
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2012-02-13·CVSS 5.0
CVE-2011-3375 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Tomcat could be made to crash or expose sensitive information if it
received specially crafted network traffic.
It was discovered that Tomcat incorrectly performed certain caching and
recycling operations. A remote attacker could use this flaw to obtain read
access to IP address and HTTP header information in certain cases. This
issue only applied to Ubuntu 11.10. (CVE-2011-3375)
It was discovered that Tomcat computed hash values for form parameters
without restricting the ability to trigger hash collisions predictably.
A remote attacker could cause a denial of service by sending many crafted
parameters. (CVE-2011-4858)
It was discovered that Tomcat incorrectly handled parameters. A remote
attacker could cause a denial of service by sending reques
Red Hat
tomcat: large number of parameters DoS
vendor_redhat·2012-01-17·CVSS 5.0
CVE-2012-0022 [MEDIUM] tomcat: large number of parameters DoS
tomcat: large number of parameters DoS
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()
vendor_redhat·2011-04-13·CVSS 7.5
CVE-2013-4357 [HIGH] CWE-121 glibc: stack overflow in getaddrinfo()'s use of alloca()
glibc: stack overflow in getaddrinfo()'s use of alloca()
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
Statement: This issue has already been addressed in Red Hat Enterprise Linux 5 via http://rhn.redhat.com/errata/RHBA-2013-0022.html and in Red Hat Enterprise Linux 6 via http://rhn.redhat.com/errata/RHBA-2012-0763.html
Package: glibc (Red Hat Enterprise Linux 5) - Not affected
Package: glibc (Red Hat Enterprise Linux 6) - Not affected
Package: glibc (Red Hat Enterprise Linux 7) - Not affected
Red Hat
glibc: stack overflow in getaddrinfo()'s use of alloca()
vendor_redhat·2011-04-13·CVSS 7.5
CVE-2012-6686 [HIGH] CWE-121 glibc: stack overflow in getaddrinfo()'s use of alloca()
glibc: stack overflow in getaddrinfo()'s use of alloca()
[REJECTED CVE] This CVE has been rejected. This candidate is a duplicate of CVE-2013-4357. Note: All CVE users should reference CVE-2013-4357 instead of this candidate.
Statement: This issue has already been addressed in Red Hat Enterprise Linux 5 via http://rhn.redhat.com/errata/RHBA-2013-0022.html and in Red Hat Enterprise Linux 6 via http://rhn.redhat.com/errata/RHBA-2012-0763.html
Package: glibc (Red Hat Enterprise Linux 7) - Not affected
OSV
Denial of Service in Apache Tomcat
osv·2022-05-04·CVSS 5.0
CVE-2012-0022 [MEDIUM] Denial of Service in Apache Tomcat
Denial of Service in Apache Tomcat
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
GHSA
Denial of Service in Apache Tomcat
ghsa·2022-05-04·CVSS 5.0
CVE-2012-0022 [MEDIUM] Denial of Service in Apache Tomcat
Denial of Service in Apache Tomcat
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-0022 tomcat: large number of parameters DoS [fedora-16]
bugzilla·2012-01-22·CVSS 5.0
CVE-2012-0022 [MEDIUM] CVE-2012-0022 tomcat: large number of parameters DoS [fedora-16]
CVE-2012-0022 tomcat: large number of parameters DoS [fedora-16]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=78335
Bugzilla
CVE-2012-0022 tomcat6: large number of parameters DoS [fedora-all]
bugzilla·2012-01-22·CVSS 5.0
CVE-2012-0022 [MEDIUM] CVE-2012-0022 tomcat6: large number of parameters DoS [fedora-all]
CVE-2012-0022 tomcat6: large number of parameters DoS [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=783
Bugzilla
CVE-2012-0022 tomcat: large number of parameters DoS
bugzilla·2012-01-20·CVSS 5.0
CVE-2012-0022 [MEDIUM] CVE-2012-0022 tomcat: large number of parameters DoS
CVE-2012-0022 tomcat: large number of parameters DoS
From the upstream advisory [1]:
Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
Upstream has released 7.0.23, 6.0.35 and 5.5.35 to correct this flaw. Earlier versions of Tomcat may also be affected.
[1] http://seclists.org/bugtraq/2012/Jan/111
Discussion:
As noted in bug #750521, the fixes do overlap wit
Bugzilla
CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
bugzilla·2011-11-01·CVSS 5.0
CVE-2011-4858 [MEDIUM] CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)
Julian Wälde and Alexander Klink reported a way to degrade performance of the Java Hashtable implementation by filling the hash table with keys with identical hash codes - see bug #750533 for details. This issue can be used to mount an efficient denial of service attack against Tomcat application server, that parses HTTP request parameters to a hash table and hence exposes this problem. A remote attack could use that to make Tomcat java process use an excessive amount of CPU time by sending a POST request with large amount of parameters which hash to the same value.
Discussion:
Acknowledgements:
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the
http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.htmlhttp://marc.info/?l=bugtraq&m=132871655717248&w=2http://marc.info/?l=bugtraq&m=133294394108746&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://rhn.redhat.com/errata/RHSA-2012-0074.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0075.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0076.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0077.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0078.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0325.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0345.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1331.htmlhttp://secunia.com/advisories/48213http://secunia.com/advisories/48549http://secunia.com/advisories/48790http://secunia.com/advisories/48791http://secunia.com/advisories/50863http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www.debian.org/security/2012/dsa-2401http://www.mandriva.com/security/advisories?name=MDVSA-2012:085http://www.mandriva.com/security/advisories?name=MDVSA-2013:150http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.htmlhttp://www.securityfocus.com/bid/51447https://exchange.xforce.ibmcloud.com/vulnerabilities/72425https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934http://archives.neohapsis.com/archives/bugtraq/2012-01/0112.htmlhttp://marc.info/?l=bugtraq&m=132871655717248&w=2http://marc.info/?l=bugtraq&m=133294394108746&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://rhn.redhat.com/errata/RHSA-2012-0074.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0075.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0076.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0077.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0078.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0325.htmlhttp://rhn.redhat.com/errata/RHSA-2012-0345.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1331.htmlhttp://secunia.com/advisories/48213http://secunia.com/advisories/48549http://secunia.com/advisories/48790http://secunia.com/advisories/48791http://secunia.com/advisories/50863http://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://www.debian.org/security/2012/dsa-2401http://www.mandriva.com/security/advisories?name=MDVSA-2012:085http://www.mandriva.com/security/advisories?name=MDVSA-2013:150http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.htmlhttp://www.securityfocus.com/bid/51447https://exchange.xforce.ibmcloud.com/vulnerabilities/72425https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934
2012-01-19
Published