CVE-2012-0022 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=5.5.0 <5.5.35 || >=6.0.0 <6.0.34 || >=7.0.0 <7.0.23
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.23274 (percentile: 0.95733)
Details
Denial of Service in Apache Tomcat

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Metadata
Created: 2022-05-04T00:27:43Z
Modified: 2024-02-21T19:24:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8h2q-qm9x-55jc/GHSA-8h2q-qm9x-55jc.json
CWE IDs: []
Alternative ID: GHSA-8h2q-qm9x-55jc
Finding: F067
Auto approve: 1