Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2011-5035
Description:Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Test IDs: 1.3.6.1.4.1.25623.1.0.71148   1.3.6.1.4.1.25623.1.0.802409   1.3.6.1.4.1.25623.1.1.4.2012.0603.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2011-5035
Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
CERT/CC vulnerability note: VU#903934
http://www.kb.cert.org/vuls/id/903934
Debian Security Information: DSA-2420 (Google Search)
http://www.debian.org/security/2012/dsa-2420
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
HPdes Security Advisory: HPSBUX02757
http://marc.info/?l=bugtraq&m=133364885411663&w=2
HPdes Security Advisory: HPSBUX02784
http://marc.info/?l=bugtraq&m=133847939902305&w=2
HPdes Security Advisory: SSRT100779
http://marc.info/?l=bugtraq&m=133364885411663&w=2
HPdes Security Advisory: SSRT100867
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: SSRT100871
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908
RedHat Security Advisories: RHSA-2012:0514
http://rhn.redhat.com/errata/RHSA-2012-0514.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/48073
http://secunia.com/advisories/48074
http://secunia.com/advisories/48589
http://secunia.com/advisories/48950
http://secunia.com/advisories/57126
SuSE Security Announcement: SUSE-SU-2012:0603 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html




© 1998-2024 E-Soft Inc. All rights reserved.