Lucene search

K
ubuntucveUbuntu.comUB:CVE-2011-5035
HistoryDec 29, 2011 - 12:00 a.m.

CVE-2011-5035

2011-12-2900:00:00
ubuntu.com
ubuntu.com
23

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.025

Percentile

90.2%

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server
2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other
products, computes hash values for form parameters without restricting the
ability to trigger hash collisions predictably, which allows remote
attackers to cause a denial of service (CPU consumption) by sending many
crafted parameters, aka Oracle security ticket S0104869.

Bugs

Notes

Author Note
ebarretto glassfish not-affected as we only build some core libs
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b20-1.9.13-0ubuntu1~10.04.1UNKNOWN
ubuntu10.10noarchopenjdk-6< 6b20-1.9.13-0ubuntu1~10.10.1UNKNOWN
ubuntu11.04noarchopenjdk-6< 6b22-1.10.6-0ubuntu1UNKNOWN
ubuntu11.10noarchopenjdk-6< 6b23~pre11-0ubuntu1.11.10.2UNKNOWN
ubuntu10.04noarchopenjdk-6b18< 6b18-1.8.13-0ubuntu1~10.04.1UNKNOWN
ubuntu10.10noarchopenjdk-6b18< 6b18-1.8.13-0ubuntu1~10.10.1UNKNOWN
ubuntu11.04noarchopenjdk-6b18< 6b18-1.8.13-0ubuntu1~11.04.1UNKNOWN
ubuntu11.10noarchopenjdk-7< 7u9-2.3.3-0ubuntu1~11.10.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.025

Percentile

90.2%