Summary
This host has Oracle Java SE installed and is prone to a denial of service vulnerability.
Impact
Successful exploitation allows remote attackers to cause a denial of service condition via crafted input to an application that maintains a hash table.
Impact Level: Application
Solution
Upgrade to Oracle Java SE version 7 Update 6.
For updates, refer to http://www.oracle.com/technetwork/java/javase/downloads/index.html
Insight
The flaw exists because Java SE computes hash values without restricting the ability to trigger hash collisions predictably.
Affected
Oracle Java SE 7 to 7 Update 5
References
- http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
- http://osvdb.org/show/osvdb/83341
- http://www.kb.cert.org/vuls/id/903934
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.openwall.com/lists/oss-security/2012/06/17/1
- https://bugzilla.redhat.com/show_bug.cgi?id=750533
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-2739
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P