Gravité: : Medium
  Identifiant(s) CVE: : CVE-2012-0022
  Date du conseil: 21 juillet 2015

  Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1004888
  Trend Micro Deep Security DPI Rule Name: 1004888 - Restrict Number Of Parameters In HTTP Request

  Affected software and version:

  • apache tomcat 5.5.0
  • apache tomcat 5.5.1
  • apache tomcat 5.5.10
  • apache tomcat 5.5.11
  • apache tomcat 5.5.12
  • apache tomcat 5.5.13
  • apache tomcat 5.5.14
  • apache tomcat 5.5.15
  • apache tomcat 5.5.16
  • apache tomcat 5.5.17
  • apache tomcat 5.5.18
  • apache tomcat 5.5.19
  • apache tomcat 5.5.2
  • apache tomcat 5.5.20
  • apache tomcat 5.5.21
  • apache tomcat 5.5.22
  • apache tomcat 5.5.23
  • apache tomcat 5.5.24
  • apache tomcat 5.5.25
  • apache tomcat 5.5.26
  • apache tomcat 5.5.27
  • apache tomcat 5.5.28
  • apache tomcat 5.5.29
  • apache tomcat 5.5.3
  • apache tomcat 5.5.30
  • apache tomcat 5.5.31
  • apache tomcat 5.5.32
  • apache tomcat 5.5.33
  • apache tomcat 5.5.34
  • apache tomcat 5.5.4
  • apache tomcat 5.5.5
  • apache tomcat 5.5.6
  • apache tomcat 5.5.7
  • apache tomcat 5.5.8
  • apache tomcat 5.5.9
  • apache tomcat 6.0
  • apache tomcat 6.0.0
  • apache tomcat 6.0.1
  • apache tomcat 6.0.10
  • apache tomcat 6.0.11
  • apache tomcat 6.0.12
  • apache tomcat 6.0.13
  • apache tomcat 6.0.14
  • apache tomcat 6.0.15
  • apache tomcat 6.0.16
  • apache tomcat 6.0.17
  • apache tomcat 6.0.18
  • apache tomcat 6.0.19
  • apache tomcat 6.0.2
  • apache tomcat 6.0.20
  • apache tomcat 6.0.24
  • apache tomcat 6.0.26
  • apache tomcat 6.0.27
  • apache tomcat 6.0.28
  • apache tomcat 6.0.29
  • apache tomcat 6.0.3
  • apache tomcat 6.0.30
  • apache tomcat 6.0.31
  • apache tomcat 6.0.32
  • apache tomcat 6.0.33
  • apache tomcat 6.0.4
  • apache tomcat 6.0.5
  • apache tomcat 6.0.6
  • apache tomcat 6.0.7
  • apache tomcat 6.0.8
  • apache tomcat 6.0.9
  • apache tomcat 7.0.0
  • apache tomcat 7.0.1
  • apache tomcat 7.0.10
  • apache tomcat 7.0.11
  • apache tomcat 7.0.12
  • apache tomcat 7.0.13
  • apache tomcat 7.0.14
  • apache tomcat 7.0.15
  • apache tomcat 7.0.16
  • apache tomcat 7.0.17
  • apache tomcat 7.0.18
  • apache tomcat 7.0.19
  • apache tomcat 7.0.2
  • apache tomcat 7.0.20
  • apache tomcat 7.0.21
  • apache tomcat 7.0.22
  • apache tomcat 7.0.3
  • apache tomcat 7.0.4
  • apache tomcat 7.0.5
  • apache tomcat 7.0.6
  • apache tomcat 7.0.7
  • apache tomcat 7.0.8
  • apache tomcat 7.0.9