Upstream information
Description
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Novell/SUSE information
Novell Bugzilla entry: 727543 SUSE Security Advisories:- openSUSE-SU-2012:0103-1, published Thu, 19 Jan 2012 18:08:26 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 11.3 |
| |
| openSUSE 11.4 |
| |
| SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM POWER SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP4 for IPF SUSE Linux Enterprise Server 10 SP4 for x86 |
| sle10-sp4-sdk.x86 sle10-sp4-sdk.ppc sles10-sp4.s390x sle10-sp4-sdk.s390x sles10-sp4.ppc sle10-sp4-sdk.ia64 sles10-sp4.x86-64 sle10-sp4-sdk.x86-64 sles10-sp4.x86 sles10-sp4.ia64 ZYPP Patch Nr: 7933 |