Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 5.5.35 (including) | 5.5.35 (including) |
| Tomcat | Apache | 6.0.0 (including) | 6.0.0 (including) |
| Tomcat | Apache | 6.0.1 (including) | 6.0.1 (including) |
| Tomcat | Apache | 6.0.2 (including) | 6.0.2 (including) |
| Tomcat | Apache | 6.0.3 (including) | 6.0.3 (including) |
| Tomcat | Apache | 6.0.4 (including) | 6.0.4 (including) |
| Tomcat | Apache | 6.0.5 (including) | 6.0.5 (including) |
| Tomcat | Apache | 6.0.6 (including) | 6.0.6 (including) |
| Tomcat | Apache | 6.0.7 (including) | 6.0.7 (including) |
| Tomcat | Apache | 6.0.8 (including) | 6.0.8 (including) |
| Tomcat | Apache | 6.0.9 (including) | 6.0.9 (including) |
| Tomcat | Apache | 6.0.10 (including) | 6.0.10 (including) |
| Tomcat | Apache | 6.0.11 (including) | 6.0.11 (including) |
| Tomcat | Apache | 6.0.12 (including) | 6.0.12 (including) |
| Tomcat | Apache | 6.0.13 (including) | 6.0.13 (including) |
| Tomcat | Apache | 6.0.14 (including) | 6.0.14 (including) |
| Tomcat | Apache | 6.0.15 (including) | 6.0.15 (including) |
| Tomcat | Apache | 6.0.16 (including) | 6.0.16 (including) |
| Tomcat | Apache | 6.0.17 (including) | 6.0.17 (including) |
| Tomcat | Apache | 6.0.18 (including) | 6.0.18 (including) |
| Tomcat | Apache | 6.0.19 (including) | 6.0.19 (including) |
| Tomcat | Apache | 6.0.20 (including) | 6.0.20 (including) |
| Tomcat | Apache | 6.0.21 (including) | 6.0.21 (including) |
| Tomcat | Apache | 6.0.22 (including) | 6.0.22 (including) |
| Tomcat | Apache | 6.0.23 (including) | 6.0.23 (including) |
| Tomcat | Apache | 6.0.24 (including) | 6.0.24 (including) |
| Tomcat | Apache | 6.0.25 (including) | 6.0.25 (including) |
| Tomcat | Apache | 6.0.26 (including) | 6.0.26 (including) |
| Tomcat | Apache | 6.0.27 (including) | 6.0.27 (including) |
| Tomcat | Apache | 6.0.28 (including) | 6.0.28 (including) |
| Tomcat | Apache | 6.0.29 (including) | 6.0.29 (including) |
| Tomcat | Apache | 6.0.30 (including) | 6.0.30 (including) |
| Tomcat | Apache | 6.0.31 (including) | 6.0.31 (including) |
| Tomcat | Apache | 6.0.32 (including) | 6.0.32 (including) |
| Tomcat | Apache | 6.0.33 (including) | 6.0.33 (including) |
| Tomcat | Apache | 6.0.34 (including) | 6.0.34 (including) |
| Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
| Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
| Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
| Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |
| Tomcat | Apache | 7.0.4 (including) | 7.0.4 (including) |
| Tomcat | Apache | 7.0.5 (including) | 7.0.5 (including) |
| Tomcat | Apache | 7.0.6 (including) | 7.0.6 (including) |
| Tomcat | Apache | 7.0.7 (including) | 7.0.7 (including) |
| Tomcat | Apache | 7.0.8 (including) | 7.0.8 (including) |
| Tomcat | Apache | 7.0.9 (including) | 7.0.9 (including) |
| Tomcat | Apache | 7.0.10 (including) | 7.0.10 (including) |
| Tomcat | Apache | 7.0.11 (including) | 7.0.11 (including) |
| Tomcat | Apache | 7.0.12 (including) | 7.0.12 (including) |
| Tomcat | Apache | 7.0.13 (including) | 7.0.13 (including) |
| Tomcat | Apache | 7.0.14 (including) | 7.0.14 (including) |
| Tomcat | Apache | 7.0.15 (including) | 7.0.15 (including) |
| Tomcat | Apache | 7.0.16 (including) | 7.0.16 (including) |
| Tomcat | Apache | 7.0.17 (including) | 7.0.17 (including) |
| Tomcat | Apache | 7.0.18 (including) | 7.0.18 (including) |
| Tomcat | Apache | 7.0.19 (including) | 7.0.19 (including) |
| Tomcat | Apache | 7.0.20 (including) | 7.0.20 (including) |
| Tomcat | Apache | 7.0.21 (including) | 7.0.21 (including) |
| Tomcat | Apache | 7.0.22 (including) | 7.0.22 (including) |