Hi All
I am working on resolving the CVE-2012-0022 DoS in JBoss Web, and I wanted to
confirm some details if anyone can help. Based on reading the advisory and
Tomcat patch code, it seems to me that the issue is simply slow processing when
a very large number of parameters is received with a re
On Sat, Jan 21, 2012 at 9:02 AM, David Jorm wrote:
> Hi All
>
> I am working on resolving the CVE-2012-0022 DoS in JBoss Web, and I wanted to
> confirm some details if anyone can help. Based on reading the advisory and
> Tomcat patch code, it seems to me that the issue is simply slow processing
On 01/21/2012 07:16 PM, Remy Maucherat wrote:
On Sat, Jan 21, 2012 at 9:02 AM, David Jorm wrote:
Hi All
I am working on resolving the CVE-2012-0022 DoS in JBoss Web, and I wanted to
confirm some details if anyone can help. Based on reading the advisory and
Tomcat patch code, it seems to me t
On 21/01/2012 12:02, David Jorm wrote:
> The point of my question was to check whether my understanding of the
> CVE-2012-0022 issue is complete, i.e. whether the issue is just slow
> processing leading to a DoS when a very large number of parameters is
> received with a request.
Correct. CVE-201
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.25
This release includes numerous bug fixes and several new features
compared to version 7.0.23. The notable new features include:
* Align the Servlet 3.0 implementation with the changes defined in the
first mainten
The change log for Tomcat 7.0.25 contains this entry:
"Correct error in fix for 49683. (markt)"
Is this bug fix expected to fix the file descriptor leak that was
reported in Tomcat 7.0.23?
-
To unsubscribe, e-mail: users-unsubscr
2012/1/21 David Jorm :
> Hi All
>
> I am working on resolving the CVE-2012-0022 DoS in JBoss Web, and I wanted to
> confirm some details if anyone can help. Based on reading the advisory and
> Tomcat patch code, it seems to me that the issue is simply slow processing
> when a very large number o
