PT-2011-5182 · Oracle+4 · Oracle Glassfish+7

Alexander Klink

Publicado

2011-12-29

Atualizado

2024-06-15

CVE-2011-5035

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Oracle Glassfish versions 2.1.1 through 3.1.1

Description The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption. This is due to the computation of hash values for form parameters without restricting the ability to trigger hash collisions predictably.

Recommendations For Oracle Glassfish versions 2.1.1 through 3.1.1, consider restricting the ability to send many crafted parameters to prevent denial of service attacks. As a temporary workaround, consider implementing measures to limit CPU consumption when handling form parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2012_0135

CVE-2011-5035

DSA-2420-1

HPSBUX02757

HPSBUX02784

OPENSUSE-SU-2024:10534-1

RHSA-2012:0135

RHSA-2012:0139

RHSA-2012:0322

RHSA-2012:0514

RHSA-2012_0135

RHSA-2012_0139

RHSA-2012_0322

RHSA-2012_0514

RHSA-2013:1455

Produtos afetados

Centos

Hp-Ux

Java Platform

Oracle Database

Oracle Glassfish

Oracle Weblogic Server

Red Hat

Suse

PT-2011-5182 · Oracle+4 · Oracle Glassfish+7

CVE-2011-5035

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 342