Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running GlassFish Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted form sent in a HTTP POST request. Impact Level: Application/System

Solution

Apply the updates from below link, http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Insight

The flaw is due to an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request.

Affected

Oracle GlassFish version 3.1.1 and prior.

References

http://www.kb.cert.org/vuls/id/903934
http://www.ocert.org/advisories/ocert-2011-003.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-5035
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ArGoSoft FTP Server XCWD Overflow
Comodo Internet Security Denial of Service Vulnerability July 13
DNS Amplification Attacks
DB2 discovery service DOS
Compaq Web SSI DoS

Oracle GlassFish Server Hash Collision Denial of Service Vulnerability

Take action and discover your vulnerabilities