PT-2012-4226 · Oracle · Oracle Java Se+1
Alexander Klink
+1
·
Published
2012-11-28
·
Updated
2012-11-28
·
CVE-2012-2739
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions prior to 7 Update 6
OpenJDK versions prior to 7u6 build 12 and 8 before build 39
Description
The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably.
Recommendations
For Oracle Java SE versions prior to 7 Update 6, update to version 7 Update 6 or later.
For OpenJDK versions prior to 7u6 build 12, update to 7u6 build 12 or later.
For OpenJDK version 8 before build 39, update to build 39 or later.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openjdk
Oracle Java Se