| purl | pkg:rpm/redhat/tomcat6@6.0.24-36?arch=el6_2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-hhk9-cr54-8fgc (Aliases: CVE-2012-0022, GHSA-8h2q-qm9x-55jc) | Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | There are no reported fixed by versions. |
| VCID-zbbr-wded-9ffj (Aliases: CVE-2011-4858, GHSA-wr3m-gw98-mc3j) | Improper Input Validation in Apache Tomcat: Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:56:07.917656+00:00 | RedHat Importer | Affected by | VCID-zbbr-wded-9ffj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4858.json | 38.0.0 |
| 2026-04-01T14:55:58.628261+00:00 | RedHat Importer | Affected by | VCID-hhk9-cr54-8fgc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json | 38.0.0 |