Oracle.Product.Hashing.Collision.DoS
Description
GlassFish is an open-source application server project started by Sun Microsystems for the Java EE platform and now sponsored by Oracle Corporation.
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. (CVE-2011-5035)
Affected Products
Oracle GlassFish before 3.1.1
Impact
The vulnerable system could be compromised and system resources could be interrupted, resulting in a denial of service condition.
Recommended Actions
At the time of writing this advisory, there is no security patch provided by the vendor.
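An added example (not part of the original advisory and not vendor code) of a compensating check for the condition described above: it refuses form bodies with too many parameters and flags bodies whose distinct parameter names concentrate in one hash bucket. The thresholds, the function names, and the assumption that parameter names are bucketed by Java's `String.hashCode()` are assumptions of this example, and the sample bodies are constructed.

```python
from collections import Counter
from urllib.parse import parse_qsl

MAX_PARAMS = 1000       # assumed per-request cap; tune to the largest legitimate form
MAX_TOP_SHARE = 0.5     # assumed: flag when over half the distinct names share one hash
MIN_NAMES = 8           # assumed: ignore skew on very small forms


def java_string_hash(s: str) -> int:
    """Java String.hashCode(): h = 31*h + unit over UTF-16 code units, signed 32-bit."""
    data = s.encode("utf-16-be", "surrogatepass")
    h = 0
    for i in range(0, len(data), 2):
        h = (31 * h + int.from_bytes(data[i:i + 2], "big")) & 0xFFFFFFFF
    return h - 0x100000000 if h >= 0x80000000 else h


def inspect_form_body(body: str, max_params: int = MAX_PARAMS,
                      min_names: int = MIN_NAMES) -> dict:
    """Classify one application/x-www-form-urlencoded body."""
    # Cheap count first, so an oversized body is refused before any table is built.
    n_pairs = body.count("&") + 1 if body else 0
    if n_pairs > max_params:
        return {"verdict": "reject", "reason": "too_many_parameters", "params": n_pairs}
    # Repeated names (a=1&a=2) are normal multi-valued fields, so count distinct names.
    names = {name for name, _ in parse_qsl(body, keep_blank_values=True)}
    buckets = Counter(java_string_hash(n) for n in names)
    top = max(buckets.values(), default=0)
    if len(names) >= min_names and top / len(names) > MAX_TOP_SHARE:
        return {"verdict": "alert", "reason": "hash_skew", "params": n_pairs,
                "largest_bucket": top}
    return {"verdict": "allow", "reason": "ok", "params": n_pairs, "largest_bucket": top}


# Constructed sample bodies (not captured traffic).
NORMAL = "user=alice&email=a%40example.com&lang=en&page=2"
OVERSIZED = "&".join(f"f{i}=x" for i in range(1500))
SKEWED = "Aa=1&BB=2&Aa=3"   # "Aa" and "BB" both hash to 2112 in Java

if __name__ == "__main__":
    for label, body in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(label, inspect_form_body(body))
    print("skewed", inspect_form_body(SKEWED, min_names=2))
```

The parameter-count cap is the control that bounds CPU cost; the skew check is a detection signal for logging and alerting rather than a complete defence.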
Coverage
IPS (Regular DB)
IPS (Extended DB)