GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003)

🗓️ 23 Oct 2013 16:26:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 4 Views

GlassFish computes hash values without restricting collisions, enabling remote DoS via crafted parameters.

Reporter	Title	Published	Views	Family All 178
IBM Security Bulletins	Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)	22 Dec 202017:41	–	ibm
IBM Security Bulletins	Potential Security Vulnerabilities With JavaTM SDKs	17 Jun 201814:05	–	ibm
Tenable Nessus	Oracle GlassFish Server <= 3.1.1 Multiple Denial-of-Service Vulnerabilities	10 Sep 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43)	4 Sep 201300:00	–	nessus
Tenable Nessus	CentOS 6 : java-1.6.0-openjdk (CESA-2012:0135)	16 Feb 201200:00	–	nessus
Tenable Nessus	Debian DSA-2420-1 : openjdk-6 - several vulnerabilities	29 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 16 : java-1.7.0-openjdk-1.7.0.3-2.1.fc16 (2012-1690)	16 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 16 : java-1.6.0-openjdk-1.6.0.0-65.1.11.1.fc16 (2012-1711)	20 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 15 : java-1.6.0-openjdk-1.6.0.0-63.1.10.6.fc15 (2012-1721)	22 Feb 201200:00	–	nessus
Tenable Nessus	Fedora 17 : java-1.7.0-openjdk-1.7.0.3-2.1.fc17 (2012-2595)	29 Feb 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.6.0-ibm	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.i386.rpm
Red Hat Enterprise Linux	5	s390x	java-1.6.0-ibm	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-ibm	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Enterprise Linux	6	s390x	java-1.6.0-ibm	1:1.6.0.14.0-1jpp.1.el6_4	java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-ibm	1:1.6.0.14.0-1jpp.1.el6_4	java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-ibm-devel	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.i386.rpm
Red Hat Enterprise Linux	5	s390x	java-1.6.0-ibm-devel	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-ibm-devel	1:1.6.0.14.0-1jpp.1.el5_9	java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Enterprise Linux	6	s390x	java-1.6.0-ibm-devel	1:1.6.0.14.0-1jpp.1.el6_4	java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-ibm-devel	1:1.6.0.14.0-1jpp.1.el6_4	java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2011-5035
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-5035
cve	www.cve.org/CVERecord

14 May 2026 22:17Current

7High risk

Vulners AI Score7

CVSS 25

EPSS0.68914

GlassFish hash collisions denial of service processor usage crafted parameters remote attacks