Oracle Java SE 'MurmurHash' Algorithm Hash Collision DoS Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Oracle Java SE and is prone to denial of service vulnerability.

Impact

Successful exploitation allows remote attackers to cause a denial of service condition via crafted input to an application that maintains a hash table. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is caused by hash functions based on the 'MurmurHash' algorithm, which is vulnerable to predictable hash collisions.

Affected

Oracle Java SE 7 to 7 Update 4

References

http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf
http://osvdb.org/show/osvdb/87862
http://www.ocert.org/advisories/ocert-2012-001.html
http://xforce.iss.net/xforce/xfdb/80299
https://bugzilla.redhat.com/show_bug.cgi?id=880705

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-5373
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

F-Secure Policy Manager Server fsmsh.dll module DoS
Comodo Internet Security Denial of Service Vulnerability July 13
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
Apache APR-Utils Multiple Denial of Service Vulnerabilities
Comodo Internet Security Denial of Service Vulnerability-05

Take action and discover your vulnerabilities