CVE - CVE-2011-5035

CVE-ID
CVE-2011-5035	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table URL:http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT-VN:VU#903934 URL:http://www.kb.cert.org/vuls/id/903934 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html DEBIAN:DSA-2420 URL:http://www.debian.org/security/2012/dsa-2420 GENTOO:GLSA-201406-32 URL:http://security.gentoo.org/glsa/glsa-201406-32.xml HP:HPSBMU02797 URL:http://marc.info/?l=bugtraq&m=134254957702612&w=2 HP:HPSBMU02799 URL:http://marc.info/?l=bugtraq&m=134254866602253&w=2 HP:HPSBST02955 URL:http://marc.info/?l=bugtraq&m=139344343412337&w=2 HP:HPSBUX02757 URL:http://marc.info/?l=bugtraq&m=133364885411663&w=2 HP:HPSBUX02784 URL:http://marc.info/?l=bugtraq&m=133847939902305&w=2 HP:SSRT100779 URL:http://marc.info/?l=bugtraq&m=133364885411663&w=2 HP:SSRT100867 URL:http://marc.info/?l=bugtraq&m=134254957702612&w=2 HP:SSRT100871 URL:http://marc.info/?l=bugtraq&m=133847939902305&w=2 MANDRIVA:MDVSA-2013:150 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2013:150~~ (Obsolete source) MISC:http://www.nruns.com/_downloads/advisory28122011.pdf MISC:http://www.ocert.org/advisories/ocert-2011-003.html MISC:https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py OVAL:oval:org.mitre.oval:def:16908 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908 REDHAT:RHSA-2012:0514 URL:http://rhn.redhat.com/errata/RHSA-2012-0514.html REDHAT:RHSA-2013:1455 URL:http://rhn.redhat.com/errata/RHSA-2013-1455.html SECUNIA:48073 URL:http://secunia.com/advisories/48073 SECUNIA:48074 URL:http://secunia.com/advisories/48074 SECUNIA:48589 URL:http://secunia.com/advisories/48589 SECUNIA:48950 URL:http://secunia.com/advisories/48950 SECUNIA:57126 URL:http://secunia.com/advisories/57126 SUSE:SUSE-SU-2012:0603 URL:http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
Assigning CNA
MITRE Corporation
Date Record Created
20111229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20111229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)