Description
The following problems were fixed in Apache Tomcat version 7.0.23:
- Important: Denial of service CVE-2012-0022
Analysis of the recent hash collision vulnerability identified unrelated inefficiencies in Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to consume large amounts of CPU, which in turn could create a denial of service. The issue was addressed by modifying the Tomcat parameter handling code to efficiently process large numbers of parameters and parameter values.
Affected Apache Tomcat versions: 7.0.0 - 7.0.22.
Remediation
Upgrade to the latest version of Apache Tomcat.