Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hhk9-cr54-8fgc
Vulnerability ID VCID-hhk9-cr54-8fgc
Aliases CVE-2012-0022
GHSA-8h2q-qm9x-55jc
Summary Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-189 Numeric Errors
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=132871655717248&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=133294394108746&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=136485229118404&w=2
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0074
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0075
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:0076
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2012:1331
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
epss 0.23418 https://api.first.org/data/v1/epss?cve=CVE-2012-0022
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/72425
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8h2q-qm9x-55jc
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355
generic_textual MODERATE https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e
generic_textual MODERATE https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4
generic_textual MODERATE https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-0022
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=132871655717248&w=2
http://marc.info/?l=bugtraq&m=133294394108746&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://rhn.redhat.com/errata/RHSA-2012-0074.html
http://rhn.redhat.com/errata/RHSA-2012-0075.html
http://rhn.redhat.com/errata/RHSA-2012-0076.html
http://rhn.redhat.com/errata/RHSA-2012-1331.html
https://access.redhat.com/errata/RHSA-2012:0074
https://access.redhat.com/errata/RHSA-2012:0075
https://access.redhat.com/errata/RHSA-2012:0076
https://access.redhat.com/errata/RHSA-2012:1331
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0022.json
https://api.first.org/data/v1/epss?cve=CVE-2012-0022
https://exchange.xforce.ibmcloud.com/vulnerabilities/72425
https://github.com/apache/tomcat
https://github.com/apache/tomcat55/commit/0314fe7743cb72e469cb395ccaaf2793a2ea0355
https://github.com/apache/tomcat55/commit/7a1cfb6bd2f849806e7c060dda8648409ad8714e
https://github.com/apache/tomcat55/commit/b05497eff4311a9657de6dfc53511d0309eb9db4
https://github.com/apache/tomcat70/commit/0351f661e9219a0682df1d2a9265c518438279c6
https://github.com/apache/tomcat70/commit/0569aa6a01a74d51b93fd0027288358825fc03d5
https://github.com/apache/tomcat70/commit/0c5d3a903598abd7c7ebe1b00e27a6574339c417
https://github.com/apache/tomcat70/commit/233dcc857e0faf8bc94325be5fb287aa70ee944f
https://github.com/apache/tomcat70/commit/597edaab8863df03f7bdc4eafb39e754fd3cd322
https://github.com/apache/tomcat70/commit/5fd94ded5ebc57926974064d9b1e82e8f44c743c
https://github.com/apache/tomcat70/commit/7b05232350c11370ab9385185a57ccd1fe7da09f
https://github.com/apache/tomcat70/commit/9649a2147ce04753bb0bbe2be8e66444670c6db5
https://github.com/apache/tomcat70/commit/a2fede48c2d8130db216ea2261c376d723021aa4
https://github.com/apache/tomcat70/commit/a4bfa01d4e6fd677f6831ab7b3e513c8b94c6185
https://github.com/apache/tomcat70/commit/c2508191c17acd5e530d80a623a4ac28a8b23128
https://github.com/apache/tomcat70/commit/c7950cf9f2d7790a40113d2b50e52cbb337a8fe9
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18934
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:16925
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:18934
https://svn.apache.org/viewvc?view=rev&rev=1189899
https://svn.apache.org/viewvc?view=rev&rev=1190372
https://svn.apache.org/viewvc?view=rev&rev=1190482
https://svn.apache.org/viewvc?view=rev&rev=1194917
https://svn.apache.org/viewvc?view=rev&rev=1195225
https://svn.apache.org/viewvc?view=rev&rev=1195226
https://svn.apache.org/viewvc?view=rev&rev=1195537
https://svn.apache.org/viewvc?view=rev&rev=1195909
https://svn.apache.org/viewvc?view=rev&rev=1195944
https://svn.apache.org/viewvc?view=rev&rev=1195951
https://svn.apache.org/viewvc?view=rev&rev=1195977
https://svn.apache.org/viewvc?view=rev&rev=1198641
https://svn.apache.org/viewvc?view=rev&rev=1200601
https://svn.apache.org/viewvc?view=rev&rev=1206324
https://svn.apache.org/viewvc?view=rev&rev=1221282
https://svn.apache.org/viewvc?view=rev&rev=1224640
https://svn.apache.org/viewvc?view=rev&rev=1228191
https://svn.apache.org/viewvc?view=rev&rev=1229027
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
783359 https://bugzilla.redhat.com/show_bug.cgi?id=783359
CVE-2012-0022 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
CVE-2012-0022 https://nvd.nist.gov/vuln/detail/CVE-2012-0022
GHSA-8h2q-qm9x-55jc https://github.com/advisories/GHSA-8h2q-qm9x-55jc
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2012:0077 https://access.redhat.com/errata/RHSA-2012:0077
RHSA-2012:0078 https://access.redhat.com/errata/RHSA-2012:0078
RHSA-2012:0325 https://access.redhat.com/errata/RHSA-2012:0325
RHSA-2012:0345 https://access.redhat.com/errata/RHSA-2012:0345
RHSA-2012:0474 https://access.redhat.com/errata/RHSA-2012:0474
RHSA-2012:0475 https://access.redhat.com/errata/RHSA-2012:0475
RHSA-2012:0679 https://access.redhat.com/errata/RHSA-2012:0679
RHSA-2012:0680 https://access.redhat.com/errata/RHSA-2012:0680
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1359-1 https://usn.ubuntu.com/1359-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.9593
EPSS Score 0.23418
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.046123+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0