This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.10
--------------- tomcat6 (6.0.24-2ubuntu1.10) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via hash collision and incorrect handling of large numbers of parameters and parameter values (LP: #909828) - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling code in conf/web.xml, java/org/apache/catalina/connector/Connector.java, java/org/apache/catalina/connector/mbeans-descriptors.xml, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/filters/FailedRequestFilter.java, java/org/apache/catalina/Globals.java, java/org/apache/coyote/Request.java, java/org/apache/tomcat/util/buf/B2CConverter.java, java/org/apache/tomcat/util/buf/ByteChunk.java, java/org/apache/tomcat/util/buf/MessageBytes.java, java/org/apache/tomcat/util/buf/StringCache.java, java/org/apache/tomcat/util/http/LocalStrings.properties, java/org/apache/tomcat/util/http/Parameters.java, webapps/docs/config/ajp.xml, webapps/docs/config/http.xml. - CVE-2011-4858 - CVE-2012-0022 -- Marc Deslauriers <email address hidden> Wed, 25 Jan 2012 14:35:46 -0500
This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.10
--------------- 2ubuntu1. 10) lucid-security; urgency=low
tomcat6 (6.0.24-
* SECURITY UPDATE: denial of service via hash collision and incorrect patches/ 0019-CVE- 2012-0022. patch: refactor parameter handling org/apache/ catalina/ connector/ Connector. java, org/apache/ catalina/ connector/ mbeans- descriptors. xml, org/apache/ catalina/ connector/ Request. java, org/apache/ catalina/ filters/ FailedRequestFi lter.java, org/apache/ catalina/ Globals. java, org/apache/ coyote/ Request. java, org/apache/ tomcat/ util/buf/ B2CConverter. java, org/apache/ tomcat/ util/buf/ ByteChunk. java, org/apache/ tomcat/ util/buf/ MessageBytes. java, org/apache/ tomcat/ util/buf/ StringCache. java, org/apache/ tomcat/ util/http/ LocalStrings. properties, org/apache/ tomcat/ util/http/ Parameters. java, docs/config/ ajp.xml, docs/config/ http.xml.
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/
code in conf/web.xml,
java/
java/
java/
java/
java/
java/
java/
java/
java/
java/
java/
java/
webapps/
webapps/
- CVE-2011-4858
- CVE-2012-0022
-- Marc Deslauriers <email address hidden> Wed, 25 Jan 2012 14:35:46 -0500