Lucene search

K

Veracode Vulnerability DatabaseVERACODE:3748

HistoryMar 23, 2017 - 5:36 a.m.

Denial Of Service (DoS)

2017-03-2305:36:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Oracle Glassfish web-core is vulnerable to denial of service (DoS) attacks. The vulnerability exists because it allows the generation of the same hash value for all the values in the hash table, allowing it to cause hashtable collisions. Due to these hash table collisions, attackers can consume hours of CPU time with a single HTTP request, triggering denial of service attacks.

CPENameOperatorVersion
core servlet containereq10.0-b28
core servlet containerle3.0.1-b20
core servlet containerle3.1.1
core servlet containerle3.2-b05
embedded glassfish weble3.1.1
embedded glassfish weble3.0.1
embedded glassfish weble3.2-b05
java-1.6.0-ibmeq1.6.0.10.1__1jpp.5.el6_2
java-1.6.0-ibmeq1.6.0.9.1__1jpp.1.el5
java-1.6.0-ibmeq1.6.0.4__1jpp.1.el5

Rows per page:

1-10 of 361

References

archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html

marc.info/?l=bugtraq&m=133364885411663&w=2

marc.info/?l=bugtraq&m=133847939902305&w=2

marc.info/?l=bugtraq&m=134254866602253&w=2

marc.info/?l=bugtraq&m=134254957702612&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

rhn.redhat.com/errata/RHSA-2012-0514.html

rhn.redhat.com/errata/RHSA-2013-1455.html

secunia.com/advisories/48073

secunia.com/advisories/48074

secunia.com/advisories/48589

secunia.com/advisories/48950

secunia.com/advisories/57126

security.gentoo.org/glsa/glsa-201406-32.xml

www.debian.org/security/2012/dsa-2420

www.kb.cert.org/vuls/id/903934

www.mandriva.com/security/advisories?name=MDVSA-2013:150

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html

www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

github.com/Appdynamics/OSS/blob/master/glassfish/web/web-core/src/main/java/org/apache/catalina/connector/Request.java#L3110

github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908

www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html

www.rapid7.com/db/vulnerabilities/suse-cve-2011-5035

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:3748

prion1 openvas54 cisa1 debiancve1 ubuntucve1 nessus47 cve1 exploitpack1 seebug2 exploitdb1 suse3 ubuntu2 amazon1 fedora14 redhat5 oraclelinux2 osv1 debian1 centos1 veracode3 ibm2 threatpost1 securityvulns3 oracle3 gentoo2