Oracle Java SE Hash Collision DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Oracle Java SE and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to cause a denial of service condition via crafted input to an application that maintains a hash table. Impact Level: Application

Solution

Upgrade to Oracle Java SE version 7 Update 6 For updates refer to http://www.oracle.com/technetwork/java/javase/downloads/index.html

Insight

The flaw is due to computes hash values without restricting the ability to trigger hash collisions predictably.

Affected

Oracle Java SE 7 to 7 Update 5

References

http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
http://osvdb.org/show/osvdb/83341
http://www.kb.cert.org/vuls/id/903934
http://www.nruns.com/_downloads/advisory28122011.pdf
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.openwall.com/lists/oss-security/2012/06/17/1
https://bugzilla.redhat.com/show_bug.cgi?id=750533

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2739
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
Firefox XUL Parsing Denial of Service Vulnerability (Linux)
Comodo Internet Security Denial of Service Vulnerability-02
ArGoSoft FTP Server XCWD Overflow
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux

Take action and discover your vulnerabilities