PT-2011-5182 · Oracle+4 · Oracle Glassfish+7

Alexander Klink

Published

2011-12-29

Updated

2024-06-15

CVE-2011-5035

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Oracle Glassfish versions 2.1.1 through 3.1.1

Description The issue allows remote attackers to cause a denial of service by sending many crafted parameters, resulting in CPU consumption. This is due to the computation of hash values for form parameters without restricting the ability to trigger hash collisions predictably.

Recommendations For Oracle Glassfish versions 2.1.1 through 3.1.1, consider restricting the ability to send many crafted parameters to prevent denial of service attacks. As a temporary workaround, consider implementing measures to limit CPU consumption when handling form parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CESA-2012_0135

CVE-2011-5035

DSA-2420-1

HPSBUX02757

HPSBUX02784

OPENSUSE-SU-2024:10534-1

RHSA-2012:0135

RHSA-2012:0139

RHSA-2012:0322

RHSA-2012:0514

RHSA-2012_0135

RHSA-2012_0139

RHSA-2012_0322

RHSA-2012_0514

RHSA-2013:1455

Affected Products

Centos

Hp-Ux

Java Platform

Oracle Database

Oracle Glassfish

Oracle Weblogic Server

Red Hat

Suse

PT-2011-5182 · Oracle+4 · Oracle Glassfish+7

CVE-2011-5035

Weakness Enumeration

Related Identifiers

Affected Products

References · 342