Apache Tomcat Information for VU#903934
Hash table implementations vulnerable to algorithmic complexity attacks
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 28 Dec 2011
No statement is currently available from the vendor regarding this vulnerability.
According to the n.runs AG advisory:
"Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection."
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.