10 matches found
Security Bulletin: TADDM affected by multiple vulnerabilities due to JRuby and Hyperic HQ
Summary: IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of JRuby (CVE-2011-4838) and cross-site scripting due to use of Hyperic HQ (CVE-2009-2907, CVE-2009-2899). Vulnerability Details: CVEID: CVE-2009-2907 DESCRIPTION: Hyperic HQ is vulnerable to...
[SECURITY] [DLA 209-1] jruby security update
Package: jruby | Version: 1.5.1-1+deb6u1 | CVE ID: CVE-2011-4838 | Debian Bug: 686867. JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted...
Gentoo Security Advisory GLSA 201207-06 (jruby)
The remote host is missing updates announced in advisory GLSA 201207-06. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-201207-06 : JRuby: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201207-06 (JRuby: Denial of Service). JRuby does not properly randomize hash functions to protect against hash collision attacks. Impact: A remote attacker could send a specially crafted input, possibly resulting in a Denial of...
FreeBSD Ports: jruby
The remote host is missing an update to the system as announced in the referenced advisory. VID 91be81e7-3fea-11e1-afc7-2c4138874f7d. OpenVAS Vulnerability Test. Description: Auto generated from VID 91be81e7-3fea-11e1-afc7-2c4138874f7d. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD Ports: jruby
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
CVE-2011-4838
CVE-2011-4838 affects JRuby prior to 1.6.5.1, where hash values can be triggered to collide predictably, enabling context-dependent attackers to cause a denial of service (CPU consumption) via crafted inputs in applications that use hash tables. The vulnerability is documented across multiple sou...
CVE-2011-4838
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table...
Check Point response to "DoS through hash table against Web Application Platforms" (CVE-2011-4838)
...