CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb · www.exploit-db.com/exploits/2012 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
http://marc.info/?l=bugtraq&m=133364885411663&w=2
http://marc.info/?l=bugtraq&m=133847939902305&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2012-0514.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/48073
http://secunia.com/advisories/48074
http://secunia.com/advisories/48589