Julian Wälde

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions prior to 7 Update 6 OpenJDK versions prior to 7u6 build 12 and 8 before build 39 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. **Recommendations** For Oracle Java SE versions prior to 7 Update 6, update to version 7 Update 6 or later. For OpenJDK versions prior to 7u6 build 12, update to 7u6 build 12 or later. For OpenJDK version 8 before build 39, update to build 39 or later.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 2.6.8 Python versions 2.7.x prior to 2.7.3 Python versions 3.x prior to 3.1.5 Python versions 3.2.x prior to 3.2.3 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically high CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. An error within a hash generation function when hashing form posts and updating a hash table can be exploited to cause a hash collision. This can be achieved by sending a specially crafted form in an HTTP POST request. **Recommendations** For versions prior to 2.6.8, update to version 2.6.8 or later. For versions 2.7.x prior to 2.7.3, update to version 2.7.3 or later. For versions 3.x prior to 3.1.5, update to version 3.1.5 or later. For versions 3.2.x prior to 3.2.3, update to version 3.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions prior to 5.5.35 Apache Tomcat versions 6.x prior to 6.0.35 Apache Tomcat versions 7.x prior to 7.0.23 **Description** The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption due to hash collisions. **Recommendations** For versions prior to 5.5.35, update to version 5.5.35 or later. For versions 6.x prior to 6.0.35, update to version 6.0.35 or later. For versions 7.x prior to 7.0.23, update to version 7.0.23 or later.