CVE-2012-0022

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Affected Software

Name	Vendor	Start Version	End Version
Tomcat	Apache	5.5.0 (including)	5.5.0 (including)
Tomcat	Apache	5.5.1 (including)	5.5.1 (including)
Tomcat	Apache	5.5.2 (including)	5.5.2 (including)
Tomcat	Apache	5.5.3 (including)	5.5.3 (including)
Tomcat	Apache	5.5.4 (including)	5.5.4 (including)
Tomcat	Apache	5.5.5 (including)	5.5.5 (including)
Tomcat	Apache	5.5.6 (including)	5.5.6 (including)
Tomcat	Apache	5.5.7 (including)	5.5.7 (including)
Tomcat	Apache	5.5.8 (including)	5.5.8 (including)
Tomcat	Apache	5.5.9 (including)	5.5.9 (including)
Tomcat	Apache	5.5.10 (including)	5.5.10 (including)
Tomcat	Apache	5.5.11 (including)	5.5.11 (including)
Tomcat	Apache	5.5.12 (including)	5.5.12 (including)
Tomcat	Apache	5.5.13 (including)	5.5.13 (including)
Tomcat	Apache	5.5.14 (including)	5.5.14 (including)
Tomcat	Apache	5.5.15 (including)	5.5.15 (including)
Tomcat	Apache	5.5.16 (including)	5.5.16 (including)
Tomcat	Apache	5.5.17 (including)	5.5.17 (including)
Tomcat	Apache	5.5.18 (including)	5.5.18 (including)
Tomcat	Apache	5.5.19 (including)	5.5.19 (including)
Tomcat	Apache	5.5.20 (including)	5.5.20 (including)
Tomcat	Apache	5.5.21 (including)	5.5.21 (including)
Tomcat	Apache	5.5.22 (including)	5.5.22 (including)
Tomcat	Apache	5.5.23 (including)	5.5.23 (including)
Tomcat	Apache	5.5.24 (including)	5.5.24 (including)
Tomcat	Apache	5.5.25 (including)	5.5.25 (including)
Tomcat	Apache	5.5.26 (including)	5.5.26 (including)
Tomcat	Apache	5.5.27 (including)	5.5.27 (including)
Tomcat	Apache	5.5.28 (including)	5.5.28 (including)
Tomcat	Apache	5.5.29 (including)	5.5.29 (including)
Tomcat	Apache	5.5.30 (including)	5.5.30 (including)
Tomcat	Apache	5.5.31 (including)	5.5.31 (including)
Tomcat	Apache	5.5.32 (including)	5.5.32 (including)
Tomcat	Apache	5.5.33 (including)	5.5.33 (including)
Tomcat	Apache	5.5.34 (including)	5.5.34 (including)
JBEWP 5 for RHEL 5	RedHat	jbossweb-0:2.1.12-3_patch_03.2.ep5.el5	*
JBEWP 5 for RHEL 6	RedHat	jbossweb-0:2.1.12-3_patch_03.2.ep5.el6	*
JBoss Communications Platform 5.1	RedHat		*
JBoss Enterprise BRMS Platform 5.1	RedHat		*
Red Hat Enterprise Linux 5	RedHat	tomcat5-0:5.5.23-0jpp.31.el5_8	*
Red Hat Enterprise Linux 6	RedHat	tomcat6-0:6.0.24-36.el6_2	*
Red Hat JBoss Enterprise Application Platform 5.1	RedHat		*
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4	RedHat	jbossweb-0:2.1.12-3_patch_03.2.ep5.el4	*
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5	RedHat	jbossweb-0:2.1.12-3_patch_03.2.ep5.el5	*
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6	RedHat	jbossweb-0:2.1.12-3_patch_03.2.ep5.el6	*
Red Hat JBoss Enterprise Web Server 1 for RHEL 5	RedHat	tomcat5-0:5.5.33-27_patch_07.ep5.el5	*
Red Hat JBoss Enterprise Web Server 1 for RHEL 5	RedHat	tomcat6-0:6.0.32-24_patch_07.ep5.el5	*
Red Hat JBoss Enterprise Web Server 1 for RHEL 6	RedHat	tomcat5-0:5.5.33-28_patch_07.ep5.el6	*
Red Hat JBoss Enterprise Web Server 1 for RHEL 6	RedHat	tomcat6-0:6.0.32-24_patch_07.ep5.el6	*
Red Hat JBoss Operations Network 3.1	RedHat		*
Red Hat JBoss Portal 4.3	RedHat		*
Red Hat JBoss Portal 5.2	RedHat		*
Red Hat JBoss SOA Platform 5.2	RedHat		*
Red Hat JBoss Web Platform 5.1	RedHat		*
Red Hat JBoss Web Server 1.0	RedHat		*
Red Hat JBoss Web Server 1.0	RedHat		*
Tomcat5.5	Ubuntu	hardy	*
Tomcat6	Ubuntu	devel	*
Tomcat6	Ubuntu	lucid	*
Tomcat6	Ubuntu	maverick	*
Tomcat6	Ubuntu	natty	*
Tomcat6	Ubuntu	oneiric	*
Tomcat6	Ubuntu	precise	*
Tomcat6	Ubuntu	quantal	*
Tomcat7	Ubuntu	oneiric	*
Tomcat7	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-0022
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References