web-core is vulnerable to partial denial of service attacks. The vulnerability is possible due to JVM bottleneck caused by a flaw in JVM code, translating named encoding (e.g., “utf-8”) into Charsets
. Therefore, that flaw leads to a number of stuck threads converting a byte array to a String or vice versa.
CPE | Name | Operator | Version |
---|---|---|---|
core servlet container | le | 3.1.1 | |
core servlet container | le | 3.0.1 | |
core servlet container | le | 3.0 | |
core servlet container | le | 3.2-b06 |
osvdb.org/78417
www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
bugzilla.redhat.com/show_bug.cgi?id=783900
bz.apache.org/bugzilla/show_bug.cgi?id=51400
exchange.xforce.ibmcloud.com/vulnerabilities/72497
java.net/jira/browse/GLASSFISH-17511
svn.java.net/svn/glassfish~svn/trunk/main@51257
www.oracle.com/technetwork/topics/security/cpujan2012-366304.html