Description

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Remediation

References

CVE-2012-2739

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9582)

Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358)

WordPress Plugin Universal Analytics Cross-Site Scripting (1.3.0)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3169)

WordPress Plugin WP Google Review Slider Cross-Site Scripting (11.5)

Severity

Medium

Classification

CVE-2012-2739

Tags

Missing Update Known Vulnerabilities