5
CVE-2011-5035
- EPSS 68.91%
- Veröffentlicht 30.12.2011 01:55:01
- Zuletzt bearbeitet 16.06.2026 23:35:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Glassfish Server Version <= 3.1.1
Oracle ≫ Glassfish Server Version2.1.1
Oracle ≫ Glassfish Server Version3.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 68.91% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
http://marc.info/?l=bugtraq&m=133364885411663&w=2
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://rhn.redhat.com/errata/RHSA-2012-0514.html
http://secunia.com/advisories/48073
http://secunia.com/advisories/48074
http://secunia.com/advisories/48589
http://secunia.com/advisories/48950
http://www.debian.org/security/2012/dsa-2420
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908