ID CVE-2012-0022
Summary Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 5.5.0
    cpe:2.3:a:apache:tomcat:5.5.0
  • Apache Software Foundation Tomcat 5.5.1
    cpe:2.3:a:apache:tomcat:5.5.1
  • Apache Software Foundation Tomcat 5.5.2
    cpe:2.3:a:apache:tomcat:5.5.2
  • Apache Software Foundation Tomcat 5.5.3
    cpe:2.3:a:apache:tomcat:5.5.3
  • Apache Software Foundation Tomcat 5.5.4
    cpe:2.3:a:apache:tomcat:5.5.4
  • Apache Software Foundation Tomcat 5.5.5
    cpe:2.3:a:apache:tomcat:5.5.5
  • Apache Software Foundation Tomcat 5.5.6
    cpe:2.3:a:apache:tomcat:5.5.6
  • Apache Software Foundation Tomcat 5.5.7
    cpe:2.3:a:apache:tomcat:5.5.7
  • Apache Software Foundation Tomcat 5.5.8
    cpe:2.3:a:apache:tomcat:5.5.8
  • Apache Software Foundation Tomcat 5.5.9
    cpe:2.3:a:apache:tomcat:5.5.9
  • Apache Software Foundation Tomcat 5.5.10
    cpe:2.3:a:apache:tomcat:5.5.10
  • Apache Software Foundation Tomcat 5.5.11
    cpe:2.3:a:apache:tomcat:5.5.11
  • Apache Software Foundation Tomcat 5.5.12
    cpe:2.3:a:apache:tomcat:5.5.12
  • Apache Software Foundation Tomcat 5.5.13
    cpe:2.3:a:apache:tomcat:5.5.13
  • Apache Software Foundation Tomcat 5.5.14
    cpe:2.3:a:apache:tomcat:5.5.14
  • Apache Software Foundation Tomcat 5.5.15
    cpe:2.3:a:apache:tomcat:5.5.15
  • Apache Software Foundation Tomcat 5.5.16
    cpe:2.3:a:apache:tomcat:5.5.16
  • Apache Software Foundation Tomcat 5.5.17
    cpe:2.3:a:apache:tomcat:5.5.17
  • Apache Software Foundation Tomcat 5.5.18
    cpe:2.3:a:apache:tomcat:5.5.18
  • Apache Software Foundation Tomcat 5.5.19
    cpe:2.3:a:apache:tomcat:5.5.19
  • Apache Software Foundation Tomcat 5.5.20
    cpe:2.3:a:apache:tomcat:5.5.20
  • Apache Software Foundation Tomcat 5.5.21
    cpe:2.3:a:apache:tomcat:5.5.21
  • Apache Software Foundation Tomcat 5.5.22
    cpe:2.3:a:apache:tomcat:5.5.22
  • Apache Software Foundation Tomcat 5.5.23
    cpe:2.3:a:apache:tomcat:5.5.23
  • Apache Software Foundation Tomcat 5.5.24
    cpe:2.3:a:apache:tomcat:5.5.24
  • Apache Software Foundation Tomcat 5.5.25
    cpe:2.3:a:apache:tomcat:5.5.25
  • Apache Software Foundation Tomcat 5.5.26
    cpe:2.3:a:apache:tomcat:5.5.26
  • Apache Software Foundation Tomcat 5.5.27
    cpe:2.3:a:apache:tomcat:5.5.27
  • Apache Software Foundation Tomcat 5.5.28
    cpe:2.3:a:apache:tomcat:5.5.28
  • Apache Software Foundation Tomcat 5.5.29
    cpe:2.3:a:apache:tomcat:5.5.29
  • Apache Software Foundation Tomcat 5.5.30
    cpe:2.3:a:apache:tomcat:5.5.30
  • Apache Software Foundation Tomcat 5.5.31
    cpe:2.3:a:apache:tomcat:5.5.31
  • Apache Software Foundation Tomcat 5.5.32
    cpe:2.3:a:apache:tomcat:5.5.32
  • Apache Software Foundation Tomcat 5.5.33
    cpe:2.3:a:apache:tomcat:5.5.33
  • Apache Software Foundation Tomcat 5.5.34
    cpe:2.3:a:apache:tomcat:5.5.34
  • Apache Software Foundation Tomcat 6.0
    cpe:2.3:a:apache:tomcat:6.0
  • Apache Software Foundation Tomcat 6.0.0
    cpe:2.3:a:apache:tomcat:6.0.0
  • Apache Software Foundation Tomcat 6.0.1
    cpe:2.3:a:apache:tomcat:6.0.1
  • Apache Software Foundation Tomcat 6.0.2
    cpe:2.3:a:apache:tomcat:6.0.2
  • Apache Software Foundation Tomcat 6.0.3
    cpe:2.3:a:apache:tomcat:6.0.3
  • Apache Software Foundation Tomcat 6.0.4
    cpe:2.3:a:apache:tomcat:6.0.4
  • Apache Software Foundation Tomcat 6.0.5
    cpe:2.3:a:apache:tomcat:6.0.5
  • Apache Software Foundation Tomcat 6.0.6
    cpe:2.3:a:apache:tomcat:6.0.6
  • Apache Software Foundation Tomcat 6.0.7
    cpe:2.3:a:apache:tomcat:6.0.7
  • Apache Software Foundation Tomcat 6.0.8
    cpe:2.3:a:apache:tomcat:6.0.8
  • Apache Software Foundation Tomcat 6.0.9
    cpe:2.3:a:apache:tomcat:6.0.9
  • Apache Software Foundation Tomcat 6.0.10
    cpe:2.3:a:apache:tomcat:6.0.10
  • Apache Software Foundation Tomcat 6.0.11
    cpe:2.3:a:apache:tomcat:6.0.11
  • Apache Software Foundation Tomcat 6.0.12
    cpe:2.3:a:apache:tomcat:6.0.12
  • Apache Software Foundation Tomcat 6.0.13
    cpe:2.3:a:apache:tomcat:6.0.13
  • Apache Software Foundation Tomcat 6.0.14
    cpe:2.3:a:apache:tomcat:6.0.14
  • Apache Software Foundation Tomcat 6.0.15
    cpe:2.3:a:apache:tomcat:6.0.15
  • Apache Software Foundation Tomcat 6.0.16
    cpe:2.3:a:apache:tomcat:6.0.16
  • Apache Software Foundation Tomcat 6.0.17
    cpe:2.3:a:apache:tomcat:6.0.17
  • Apache Software Foundation Tomcat 6.0.18
    cpe:2.3:a:apache:tomcat:6.0.18
  • Apache Software Foundation Tomcat 6.0.19
    cpe:2.3:a:apache:tomcat:6.0.19
  • Apache Software Foundation Tomcat 6.0.20
    cpe:2.3:a:apache:tomcat:6.0.20
  • Apache Software Foundation Tomcat 6.0.24
    cpe:2.3:a:apache:tomcat:6.0.24
  • Apache Software Foundation Tomcat 6.0.26
    cpe:2.3:a:apache:tomcat:6.0.26
  • Apache Software Foundation Tomcat 6.0.27
    cpe:2.3:a:apache:tomcat:6.0.27
  • Apache Software Foundation Tomcat 6.0.28
    cpe:2.3:a:apache:tomcat:6.0.28
  • Apache Software Foundation Tomcat 6.0.29
    cpe:2.3:a:apache:tomcat:6.0.29
  • Apache Software Foundation Tomcat 6.0.30
    cpe:2.3:a:apache:tomcat:6.0.30
  • Apache Software Foundation Tomcat 6.0.31
    cpe:2.3:a:apache:tomcat:6.0.31
  • Apache Software Foundation Tomcat 6.0.32
    cpe:2.3:a:apache:tomcat:6.0.32
  • Apache Software Foundation Tomcat 6.0.33
    cpe:2.3:a:apache:tomcat:6.0.33
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.0 beta
    cpe:2.3:a:apache:tomcat:7.0.0:beta
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache Software Foundation Tomcat 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache Software Foundation Tomcat 7.0.7
    cpe:2.3:a:apache:tomcat:7.0.7
  • Apache Software Foundation Tomcat 7.0.8
    cpe:2.3:a:apache:tomcat:7.0.8
  • Apache Software Foundation Tomcat 7.0.9
    cpe:2.3:a:apache:tomcat:7.0.9
  • Apache Software Foundation Tomcat 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache Software Foundation Tomcat 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache Software Foundation Tomcat 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache Software Foundation Tomcat 7.0.13
    cpe:2.3:a:apache:tomcat:7.0.13
  • Apache Software Foundation Tomcat 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache Software Foundation Tomcat 7.0.15
    cpe:2.3:a:apache:tomcat:7.0.15
  • Apache Software Foundation Tomcat 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache Software Foundation Tomcat 7.0.17
    cpe:2.3:a:apache:tomcat:7.0.17
  • Apache Software Foundation Tomcat 7.0.18
    cpe:2.3:a:apache:tomcat:7.0.18
  • Apache Software Foundation Tomcat 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache Software Foundation Tomcat 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache Software Foundation Tomcat 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache Software Foundation Tomcat 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
CVSS
Base: 5.0 (as of 19-01-2012 - 14:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_TOMCAT6-130802.NASL
    description This update of tomcat6 fixes : - apache-tomcat-CVE-2012-3544.patch. (bnc#831119) - use chown --no-dereference to prevent symlink attacks on log (bnc#822177#c7/prevents CVE-2013-1976) - Fix tomcat init scripts generating malformed classpath ( http://youtrack.jetbrains.com/issue/JT-18545 ) bnc#804992 (patch from m407) - fix a typo in initscript. (bnc#768772) - copy all shell scripts (bnc#818948)
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 69458
    published 2013-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69458
    title SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7F5CCB1D439B11E1BC160023AE8E59F0.NASL
    description The Tomcat security team reports : Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause large amounts of CPU to be used which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57629
    published 2012-01-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57629
    title FreeBSD : tomcat -- Denial of Service (7f5ccb1d-439b-11e1-bc16-0023ae8e59f0)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-24.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-24 (Apache Tomcat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server’s hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59677
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59677
    title GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-085.NASL
    description A vulnerability has been discovered and corrected in tomcat5 : Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858 (CVE-2012-0022). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 59315
    published 2012-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59315
    title Mandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1359-1.NASL
    description It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. (CVE-2011-3375) It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. (CVE-2011-4858) It was discovered that Tomcat incorrectly handled parameters. A remote attacker could cause a denial of service by sending requests with a large number of parameters and values. (CVE-2012-0022). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 57933
    published 2012-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57933
    title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : tomcat6 vulnerabilities (USN-1359-1)
  • NASL family Misc.
    NASL id VMWARE_VCENTER_VMSA-2012-0005.NASL
    description The version of VMware vCenter Server installed on the remote host is 4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As such it is potentially affected by multiple vulnerabilities in the embedded Apache Tomcat server and the Oracle (Sun) Java Runtime Environment.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 66812
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66812
    title VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_35.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities : - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection of arbitrary AJP messages. This can lead to authentication bypass and disclosure of sensitive information. (CVE-2011-3190) - An information disclosure vulnerability exists. Request information is cached in two objects and these objects are not recycled at the same time. Further requests can obtain sensitive information if certain error conditions occur. (CVE-2011-3375) - Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. (CVE-2011-4858, CVE-2012-0022) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 57080
    published 2011-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57080
    title Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0074.NASL
    description Updated jbossweb packages that fix multiple security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages (JSP) and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server. (CVE-2011-4610) It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in 'jboss-as/server/[PROFILE]/deploy/properties-service.xml'. (CVE-2011-4858) It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make a JBoss Web server use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Multiple flaws were found in the way JBoss Web handled HTTP DIGEST authentication. These flaws weakened the JBoss Web HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way JBoss Web handled sendfile request attributes when using the HTTP APR (Apache Portable Runtime) or NIO (Non-Blocking I/O) connector. A malicious web application running on a JBoss Web instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). (CVE-2011-2526) Red Hat would like to thank NTT OSSC for reporting CVE-2011-4610; oCERT for reporting CVE-2011-4858; and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Warning: Before applying this update, back up your JBoss Enterprise Application Platform's 'jboss-as/server/[PROFILE]/deploy/' directory, along with all other customized configuration files. Users of JBoss Enterprise Application Platform 5.1.2 on Red Hat Enterprise Linux 4, 5, and 6 should upgrade to these updated packages, which correct these issues. The JBoss server process must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 64022
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64022
    title RHEL 4 / 5 / 6 : jbossweb (RHSA-2012:0074)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0005_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Tomcat - bzip2 library - JRE - WDDM display driver - XPDM display driver
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 89106
    published 2016-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89106
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0005) (BEAST) (remote check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0680.NASL
    description Updated tomcat5 packages that fix multiple security issues and two bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133. It also resolves the following security issues : Multiple flaws were found in the way Tomcat handled HTTP DIGEST authentication. These flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190) It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204) A flaw was found in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526) Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78924
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78924
    title RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0680)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0474.NASL
    description Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58685
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58685
    title CentOS 5 : tomcat5 (CESA-2012:0474)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0474.NASL
    description Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58718
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58718
    title RHEL 5 : tomcat5 (RHSA-2012:0474)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120411_TOMCAT5_ON_SL5_X.NASL
    description Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61299
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61299
    title Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0474.NASL
    description From Red Hat Security Advisory 2012:0474 : Updated tomcat5 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68510
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68510
    title Oracle Linux 5 : tomcat5 (ELSA-2012-0474)
  • NASL family Web Servers
    NASL id TOMCAT_5_5_35.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 5.x listening on the remote host is prior to 5.5.35. It is, therefore, affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 57540
    published 2012-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57540
    title Apache Tomcat 5.x < 5.5.35 Hash Collision Denial of Service
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0475.NASL
    description Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58719
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58719
    title RHEL 6 : tomcat6 (RHSA-2012:0475)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2401.NASL
    description Several vulnerabilities have been found in Tomcat, a servlet and JSP engine : - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 The HTTP Digest Access Authentication implementation performed insufficient countermeasures against replay attacks. - CVE-2011-2204 In rare setups passwords were written into a logfile. - CVE-2011-2526 Missing input sanitising in the HTTP APR or HTTP NIO connectors could lead to denial of service. - CVE-2011-3190 AJP requests could be spoofed in some setups. - CVE-2011-3375 Incorrect request caching could lead to information disclosure. - CVE-2011-4858 CVE-2012-0022 This update adds countermeasures against a collision denial of service vulnerability in the Java hashtable implementation and addresses denial of service potentials when processing large amounts of requests. Additional information can be found at
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57812
    published 2012-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57812
    title Debian DSA-2401-1 : tomcat6 - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0475.NASL
    description Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58752
    published 2012-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58752
    title CentOS 6 : tomcat6 (CESA-2012:0475)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0475.NASL
    description From Red Hat Security Advisory 2012:0475 : Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858. Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68511
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68511
    title Oracle Linux 6 : tomcat6 (ELSA-2012-0475)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0005.NASL
    description a. VMware Tools Display Driver Privilege Escalation The VMware XPDM and WDDM display drivers contain buffer overflow vulnerabilities and the XPDM display driver does not properly check for NULL pointers. Exploitation of these issues may lead to local privilege escalation on Windows-based Guest Operating Systems. VMware would like to thank Tarjei Mandt for reporting theses issues to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1509 (XPDM buffer overrun), CVE-2012-1510 (WDDM buffer overrun) and CVE-2012-1508 (XPDM null pointer dereference) to these issues. Note: CVE-2012-1509 doesn't affect ESXi and ESX. b. vSphere Client internal browser input validation vulnerability The vSphere Client has an internal browser that renders html pages from log file entries. This browser doesn't properly sanitize input and may run script that is introduced into the log files. In order for the script to run, the user would need to open an individual, malicious log file entry. The script would run with the permissions of the user that runs the vSphere Client. VMware would like to thank Edward Torkington for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1512 to this issue. In order to remediate the issue, the vSphere Client of the vSphere 5.0 Update 1 release or the vSphere 4.1 Update 2 release needs to be installed. The vSphere Clients that come with vSphere 4.0 and vCenter Server 2.5 are not affected. c. vCenter Orchestrator Password Disclosure The vCenter Orchestrator (vCO) Web Configuration tool reflects back the vCenter Server password as part of the webpage. This might allow the logged-in vCO administrator to retrieve the vCenter Server password. VMware would like to thank Alexey Sintsov from Digital Security Research Group for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1513 to this issue. d. vShield Manager Cross-Site Request Forgery vulnerability The vShield Manager (vSM) interface has a Cross-Site Request Forgery vulnerability. If an attacker can convince an authenticated user to visit a malicious link, the attacker may force the victim to forward an authenticated request to the server. VMware would like to thank Frans Pehrson of Xxor AB (www.xxor.se) and Claudio Criscione for independently reporting this issue to us The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1514 to this issue. e. vCenter Update Manager, Oracle (Sun) JRE update 1.6.0_30 Oracle (Sun) JRE is updated to version 1.6.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0_29 and JRE 1.6.0_30 in the Oracle Java SE Critical Patch Update Advisory of October 2011. The References section provides a link to this advisory. f. vCenter Server Apache Tomcat update 6.0.35 Apache Tomcat has been updated to version 6.0.35 to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, and CVE-2012-0022 to these issues. g. ESXi update to third-party component bzip2 The bzip2 library is updated to version 1.0.6, which resolves a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 58362
    published 2012-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58362
    title VMSA-2012-0005 : VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, Workstation, Player, ESXi, and ESX address several security issues
  • NASL family Misc.
    NASL id JUNIPER_NSM_2012_2_R5.NASL
    description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially affected by the following vulnerabilities related to the included Apache Tomcat version : - An error exists related to handling requests containing several parameters that could allow denial of service attacks. (CVE-2012-0022) - An error exists related to handling partial HTTP requests that could allow denial of service attacks. (CVE-2012-5568) - Errors exist related to handling DIGEST authentication that could allow security mechanisms to be bypassed. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71023
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71023
    title Juniper NSM Servers < 2012.2R5 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0682.NASL
    description Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues : Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064) A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190) A flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375) The Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) A flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204) A flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526) Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4858.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78925
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78925
    title RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0682)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_TOMCAT_20120405.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. (CVE-2011-4858) - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. (CVE-2012-0022)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80790
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80790
    title Oracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)
  • NASL family Web Servers
    NASL id TOMCAT_7_0_23.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 7.x listening on the remote host is prior to 7.0.23. It is, therefore, affected by a denial of service vulnerability. Large numbers of crafted form parameters can cause excessive CPU consumption due to hash collisions. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 57541
    published 2012-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57541
    title Apache Tomcat 7.x < 7.0.23 Hash Collision DoS
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120411_TOMCAT6_ON_SL6.NASL
    description Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858) It was found that Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022) Users of Tomcat should upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61300
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61300
    title Scientific Linux Security Update : tomcat6 on SL6.x
oval via4
  • accepted 2013-07-29T04:00:59.180-04:00
    class vulnerability
    contributors
    name Sergey Artykhov
    organization ALTX-SOFT
    description Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
    family windows
    id oval:org.mitre.oval:def:16925
    status accepted
    submitted 2013-04-29T10:26:26.748+04:00
    title Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata
    version 5
  • accepted 2015-04-20T04:00:49.796-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
    family unix
    id oval:org.mitre.oval:def:18934
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
    version 44
redhat via4
advisories
  • bugzilla
    id 783359
    title CVE-2012-0022 tomcat: large number of parameters DoS
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment tomcat5 is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474002
        • comment tomcat5 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327003
      • AND
        • comment tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474006
        • comment tomcat5-admin-webapps is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327015
      • AND
        • comment tomcat5-common-lib is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474022
        • comment tomcat5-common-lib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327017
      • AND
        • comment tomcat5-jasper is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474010
        • comment tomcat5-jasper is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327009
      • AND
        • comment tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474014
        • comment tomcat5-jasper-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327021
      • AND
        • comment tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474008
        • comment tomcat5-jsp-2.0-api is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327013
      • AND
        • comment tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474016
        • comment tomcat5-jsp-2.0-api-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327023
      • AND
        • comment tomcat5-server-lib is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474012
        • comment tomcat5-server-lib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327007
      • AND
        • comment tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474018
        • comment tomcat5-servlet-2.4-api is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327005
      • AND
        • comment tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474004
        • comment tomcat5-servlet-2.4-api-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327011
      • AND
        • comment tomcat5-webapps is earlier than 0:5.5.23-0jpp.31.el5_8
          oval oval:com.redhat.rhsa:tst:20120474020
        • comment tomcat5-webapps is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070327019
    rhsa
    id RHSA-2012:0474
    released 2012-04-11
    severity Moderate
    title RHSA-2012:0474: tomcat5 security update (Moderate)
  • bugzilla
    id 783359
    title CVE-2012-0022 tomcat: large number of parameters DoS
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment tomcat6 is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475005
        • comment tomcat6 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335006
      • AND
        • comment tomcat6-admin-webapps is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475013
        • comment tomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335022
      • AND
        • comment tomcat6-docs-webapp is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475009
        • comment tomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335020
      • AND
        • comment tomcat6-el-2.1-api is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475011
        • comment tomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335024
      • AND
        • comment tomcat6-javadoc is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475019
        • comment tomcat6-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335012
      • AND
        • comment tomcat6-jsp-2.1-api is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475015
        • comment tomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335008
      • AND
        • comment tomcat6-lib is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475017
        • comment tomcat6-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335018
      • AND
        • comment tomcat6-servlet-2.5-api is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475007
        • comment tomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335010
      • AND
        • comment tomcat6-webapps is earlier than 0:6.0.24-36.el6_2
          oval oval:com.redhat.rhsa:tst:20120475021
        • comment tomcat6-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335014
    rhsa
    id RHSA-2012:0475
    released 2012-04-11
    severity Moderate
    title RHSA-2012:0475: tomcat6 security update (Moderate)
  • rhsa
    id RHSA-2012:0074
  • rhsa
    id RHSA-2012:0075
  • rhsa
    id RHSA-2012:0076
  • rhsa
    id RHSA-2012:0077
  • rhsa
    id RHSA-2012:0078
  • rhsa
    id RHSA-2012:0325
  • rhsa
    id RHSA-2012:0345
  • rhsa
    id RHSA-2012:1331
rpms
  • tomcat5-0:5.5.23-0jpp.31.el5_8
  • tomcat5-admin-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat5-common-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jasper-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-server-lib-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-0:5.5.23-0jpp.31.el5_8
  • tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.31.el5_8
  • tomcat5-webapps-0:5.5.23-0jpp.31.el5_8
  • tomcat6-0:6.0.24-36.el6_2
  • tomcat6-admin-webapps-0:6.0.24-36.el6_2
  • tomcat6-docs-webapp-0:6.0.24-36.el6_2
  • tomcat6-el-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-javadoc-0:6.0.24-36.el6_2
  • tomcat6-jsp-2.1-api-0:6.0.24-36.el6_2
  • tomcat6-lib-0:6.0.24-36.el6_2
  • tomcat6-servlet-2.5-api-0:6.0.24-36.el6_2
  • tomcat6-webapps-0:6.0.24-36.el6_2
refmap via4
bid 51447
bugtraq 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service
confirm
debian DSA-2401
hp
  • HPSBMU02747
  • HPSBUX02741
  • HPSBUX02860
  • SSRT100728
  • SSRT100771
  • SSRT101146
mandriva
  • MDVSA-2012:085
  • MDVSA-2013:150
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
secunia
  • 48213
  • 48549
  • 48790
  • 48791
  • 50863
xf apache-tomcat-parameter-dos(72425)
vmware via4
description Apache Tomcat has been updated to version 6.0.35 to address multiple security issues.
id VMSA-2012-0005
last_updated 2012-12-20T00:00:00
published 2012-03-15T00:00:00
title vCenter Server Apache Tomcat update 6.0.35
Last major update 05-03-2014 - 23:34
Published 18-01-2012 - 23:01
Last modified 25-03-2019 - 07:33
Back to Top