Apache Tomcat Information for VU#903934
Hash table implementations vulnerable to algorithmic complexity attacks
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 28 Dec 2011
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
According to the n.runs AG advisory:
"Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection."
Vendor References
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.