Apache Tomcat Information for VU#903934

Hash table implementations vulnerable to algorithmic complexity attacks



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to the n.runs AG advisory:
"Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection."

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.