QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2011-5035

Back to search

CVE-2011-5035

Published: Dec 30, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

VendorProductVersions

n/a

n/a

affected
n/a

References

48074
third-party-advisory
x_refsource_SECUNIA
HPSBUX02784
vendor-advisory
x_refsource_HP
GLSA-201406-32
vendor-advisory
x_refsource_GENTOO
HPSBMU02799
vendor-advisory
x_refsource_HP
48589
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:16908
vdb-entry
signature
x_refsource_OVAL
RHSA-2013:1455
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2012:0603
vendor-advisory
x_refsource_SUSE
48073
third-party-advisory
x_refsource_SECUNIA
48950
third-party-advisory
x_refsource_SECUNIA
SSRT100871
vendor-advisory
x_refsource_HP
HPSBUX02757
vendor-advisory
x_refsource_HP
57126
third-party-advisory
x_refsource_SECUNIA
VU#903934
third-party-advisory
x_refsource_CERT-VN
DSA-2420
vendor-advisory
x_refsource_DEBIAN
SSRT100867
vendor-advisory
x_refsource_HP
RHSA-2012:0514
vendor-advisory
x_refsource_REDHAT
MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
HPSBST02955
vendor-advisory
x_refsource_HP
SSRT100779
vendor-advisory
x_refsource_HP
HPSBMU02797
vendor-advisory
x_refsource_HP

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now