{ "threat_severity" : "Moderate", "public_date" : "2012-01-17T00:00:00Z", "bugzilla" : { "description" : "tomcat: large number of parameters DoS", "id" : "783359", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=783359" }, "cvss" : { "cvss_base_score" : "5.0", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status" : "verified" }, "details" : [ "Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858." ], "affected_release" : [ { "product_name" : "JBEWP 5 for RHEL 5", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0076", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package" : "jbossweb-0:2.1.12-3_patch_03.2.ep5.el5" }, { "product_name" : "JBEWP 5 for RHEL 6", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0076", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package" : "jbossweb-0:2.1.12-3_patch_03.2.ep5.el6" }, { "product_name" : "JBoss Communications Platform 5.1", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0078", "cpe" : "cpe:/a:redhat:jboss_communications_platform:5.1" }, { "product_name" : "JBoss Enterprise BRMS Platform 5.1", "release_date" : "2012-02-22T00:00:00Z", "advisory" : "RHSA-2012:0325", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5.1" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2012-04-11T00:00:00Z", "advisory" : "RHSA-2012:0474", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "tomcat5-0:5.5.23-0jpp.31.el5_8" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2012-04-11T00:00:00Z", "advisory" : "RHSA-2012:0475", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "tomcat6-0:6.0.24-36.el6_2" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5.1", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5.1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0074", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package" : "jbossweb-0:2.1.12-3_patch_03.2.ep5.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0074", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package" : "jbossweb-0:2.1.12-3_patch_03.2.ep5.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0074", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package" : "jbossweb-0:2.1.12-3_patch_03.2.ep5.el6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0680", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package" : "tomcat5-0:5.5.33-27_patch_07.ep5.el5" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0682", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package" : "tomcat6-0:6.0.32-24_patch_07.ep5.el5" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 6", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0680", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el6", "package" : "tomcat5-0:5.5.33-28_patch_07.ep5.el6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 1 for RHEL 6", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0682", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1::el6", "package" : "tomcat6-0:6.0.32-24_patch_07.ep5.el6" }, { "product_name" : "Red Hat JBoss Operations Network 3.1", "release_date" : "2012-10-03T00:00:00Z", "advisory" : "RHSA-2012:1331", "cpe" : "cpe:/a:redhat:jboss_operations_network:3.1" }, { "product_name" : "Red Hat JBoss Portal 4.3", "release_date" : "2012-03-01T00:00:00Z", "advisory" : "RHSA-2012:0345", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:4.3" }, { "product_name" : "Red Hat JBoss Portal 5.2", "release_date" : "2012-02-22T00:00:00Z", "advisory" : "RHSA-2012:0325", "cpe" : "cpe:/a:redhat:jboss_enterprise_portal_platform:5.2" }, { "product_name" : "Red Hat JBoss SOA Platform 5.2", "release_date" : "2012-02-22T00:00:00Z", "advisory" : "RHSA-2012:0325", "cpe" : "cpe:/a:redhat:jboss_soa_platform:5.2" }, { "product_name" : "Red Hat JBoss Web Platform 5.1", "release_date" : "2012-01-31T00:00:00Z", "advisory" : "RHSA-2012:0077", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_platform:5.1" }, { "product_name" : "Red Hat JBoss Web Server 1.0", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0679", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1.0" }, { "product_name" : "Red Hat JBoss Web Server 1.0", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0681", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:1.0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-0022\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0022" ], "name" : "CVE-2012-0022", "csaw" : false }