Rapid7 Vulnerability & Exploit Database

ELSA-2012-0475 Moderate: Oracle Linux tomcat6 security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2012-0475 Moderate: Oracle Linux tomcat6 security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

01/18/2012

Created

07/25/2018

Added

05/02/2012

Modified

04/11/2019

Description

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.

Solution(s)

oracle-linux-upgrade-tomcat6
oracle-linux-upgrade-tomcat6-admin-webapps
oracle-linux-upgrade-tomcat6-docs-webapp
oracle-linux-upgrade-tomcat6-el-2-1-api
oracle-linux-upgrade-tomcat6-javadoc
oracle-linux-upgrade-tomcat6-jsp-2-1-api
oracle-linux-upgrade-tomcat6-lib
oracle-linux-upgrade-tomcat6-servlet-2-5-api
oracle-linux-upgrade-tomcat6-webapps

References

https://attackerkb.com/topics/cve-2011-4858
51200
51447
903934
CVE - 2011-4858
CVE - 2012-0022
DSA-2401
OVAL16925
OVAL18886
OVAL18934
RHSA-2012:0074
RHSA-2012:0075
RHSA-2012:0076
RHSA-2012:0077
RHSA-2012:0078
RHSA-2012:0089
RHSA-2012:0325
RHSA-2012:0345
RHSA-2012:0406
RHSA-2012:1331
http://oss.oracle.com/pipermail/el-errata/2012-April/002741.html
72425

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;