Information Security all in one place!

Update – Apache Tomcat developers advise updates to avoid DoS


Update of earlier post: Apache Tomcat Important Updates Released! (

The Apache Tomcat developers are advising users of the 7.0.x, 6.0.x and 5.5.x branches of the Java servlet and JSP container to update to the latest released versions 7.0.23, 6.0.35 and 5.5.35. Recent investigations revealed inefficiencies in how large numbers of parameters and parameter values were handled by Tomcat.

Apache Tomcat - back

Analysis of the recent hash collision denial-of-service (DoS) vulnerability had allowed the developers to identify “unrelated inefficiencies” which could be exploited by a specially crafted request, causing large amounts of CPU to be consumed. To address the issue, the developers modified the code to efficiently process large numbers of parameters and values.

The project has been quietly releasing the fixes to the Tomcat code; 7.0.23 appeared at the end of November 2011 and 6.0.35 arrived at the start of December. Now that they have released an update to last of the currently supported versions, 5.5.35, the developers have published their advisory. Users who have yet not updated can download version 7.0.23version 6.0.35 andversion 5.5.35 from the Apache Tomcat site.

Read More:

More info here: CVE-2012-0022 Apache Tomcat Denial of Service, security advisory!

Let's hear what you have to say.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s