[Bug 909828] Re: Tomcat needs update to prevent hash function DoS attack
Launchpad Bug Tracker
909828 at bugs.launchpad.net
Mon Feb 13 13:36:11 UTC 2012
This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.10
---------------
tomcat6 (6.0.24-2ubuntu1.10) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via hash collision and incorrect
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
code in conf/web.xml,
java/org/apache/catalina/connector/Connector.java,
java/org/apache/catalina/connector/mbeans-descriptors.xml,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/filters/FailedRequestFilter.java,
java/org/apache/catalina/Globals.java,
java/org/apache/coyote/Request.java,
java/org/apache/tomcat/util/buf/B2CConverter.java,
java/org/apache/tomcat/util/buf/ByteChunk.java,
java/org/apache/tomcat/util/buf/MessageBytes.java,
java/org/apache/tomcat/util/buf/StringCache.java,
java/org/apache/tomcat/util/http/LocalStrings.properties,
java/org/apache/tomcat/util/http/Parameters.java,
webapps/docs/config/ajp.xml,
webapps/docs/config/http.xml.
- CVE-2011-4858
- CVE-2012-0022
-- Marc Deslauriers <marc.deslauriers at ubuntu.com> Wed, 25 Jan 2012 14:35:46 -0500
** Changed in: tomcat6 (Ubuntu Lucid)
Status: Confirmed => Fix Released
** Changed in: tomcat6 (Ubuntu Maverick)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in Ubuntu.
https://bugs.launchpad.net/bugs/909828
Title:
Tomcat needs update to prevent hash function DoS attack
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/909828/+subscriptions
More information about the Ubuntu-server-bugs
mailing list