Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running GlassFish Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted form sent in a HTTP POST request. Impact Level: Application/System

Solution

Apply the updates from below link, http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Insight

The flaw is due to an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request.

Affected

Oracle GlassFish version 3.1.1 and prior.

References

http://www.kb.cert.org/vuls/id/903934
http://www.ocert.org/advisories/ocert-2011-003.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-5035

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)
Apache Connection Blocking Denial of Service
Denial of Service (DoS) in Microsoft SMS Client
CUPS Denial of Service Vulnerability - Jun09
Asterisk T.38 Negotiation Remote Denial Of Service Vulnerability

Oracle GlassFish Server Hash Collision Denial of Service Vulnerability

Take action and discover your vulnerabilities