Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:33
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html - | |
References | () http://marc.info/?l=bugtraq&m=133364885411663&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=133847939902305&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=134254866602253&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=134254957702612&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=139344343412337&w=2 - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0514.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2013-1455.html - | |
References | () http://secunia.com/advisories/48073 - | |
References | () http://secunia.com/advisories/48074 - | |
References | () http://secunia.com/advisories/48589 - | |
References | () http://secunia.com/advisories/48950 - | |
References | () http://secunia.com/advisories/57126 - | |
References | () http://security.gentoo.org/glsa/glsa-201406-32.xml - | |
References | () http://www.debian.org/security/2012/dsa-2420 - | |
References | () http://www.kb.cert.org/vuls/id/903934 - US Government Resource | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 - | |
References | () http://www.nruns.com/_downloads/advisory28122011.pdf - | |
References | () http://www.ocert.org/advisories/ocert-2011-003.html - | |
References | () http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html - | |
References | () https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908 - |
Information
Published : 2011-12-30 01:55
Updated : 2024-11-21 01:33
NVD link : CVE-2011-5035
Mitre link : CVE-2011-5035
CVE.ORG link : CVE-2011-5035
JSON object : View
Products Affected
oracle
- glassfish_server
CWE
CWE-20
Improper Input Validation