Apache Tomcat Information for VU#903934

Hash table implementations vulnerable to algorithmic complexity attacks

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to the n.runs AG advisory:
"Tomcat has released updates (7.0.23, 6.0.35) for this issue which limit the number of request parameters using a configuration parameter. The default value of 10.000 should provide sufficient protection."

Vendor References

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.