|Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications
Server 2.0, Sun Java System Application Server 8.1 and 8.2, and
possibly other products, computes hash values for form parameters
without restricting the ability to trigger hash collisions
predictably, which allows remote attackers to cause a denial of
service (CPU consumption) by sending many crafted parameters, aka
Oracle security ticket S0104869.