CVE-2011-5035
Published: 29 December 2011
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Notes
Author | Note |
---|---|
ebarretto | glassfish not-affected as we only build some core libs |
Priority
Status
Package | Release | Status |
---|---|---|
openjdk-7 | vivid | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | artful | Does not exist |
openjdk-7 | bionic | Does not exist |
openjdk-7 | cosmic | Does not exist |
openjdk-7 | hardy | Does not exist |
openjdk-7 | lucid | Does not exist |
openjdk-7 | maverick | Does not exist |
openjdk-7 | natty | Does not exist |
openjdk-7 | oneiric | Released (7u9-2.3.3-0ubuntu1~11.10.1) |
openjdk-7 | precise | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | quantal | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | raring | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | saucy | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | trusty | Does not exist (trusty was not-affected [7~u3-2.1-1ubuntu1]) |
openjdk-7 | upstream | Needs triage |
openjdk-7 | utopic | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | wily | Not vulnerable (7~u3-2.1-1ubuntu1) |
openjdk-7 | xenial | Does not exist |
openjdk-7 | yakkety | Does not exist |
openjdk-7 | zesty | Does not exist |
glassfish | artful | Ignored (end of life) |
glassfish | bionic | Not vulnerable |
glassfish | cosmic | Does not exist |
glassfish | hardy | Ignored (end of life) |
glassfish | lucid | Ignored (end of life) |
glassfish | maverick | Ignored (end of life) |
glassfish | natty | Ignored (end of life) |
glassfish | oneiric | Ignored (end of life) |
glassfish | precise | Ignored (end of life) |
glassfish | quantal | Ignored (end of life) |
glassfish | raring | Ignored (end of life) |
glassfish | saucy | Ignored (end of life) |
glassfish | trusty | Does not exist (trusty was not-affected) |
glassfish | upstream | Needs triage |
glassfish | utopic | Ignored (end of life) |
glassfish | vivid | Ignored (end of life) |
glassfish | wily | Ignored (end of life) |
glassfish | xenial | Not vulnerable |
glassfish | yakkety | Ignored (end of life) |
glassfish | zesty | Ignored (end of life) |
openjdk-6 | artful | Does not exist |
openjdk-6 | bionic | Does not exist |
openjdk-6 | cosmic | Does not exist |
openjdk-6 | hardy | Ignored (end of life) |
openjdk-6 | lucid | Released (6b20-1.9.13-0ubuntu1~10.04.1) |
openjdk-6 | maverick | Released (6b20-1.9.13-0ubuntu1~10.10.1) |
openjdk-6 | natty | Released (6b22-1.10.6-0ubuntu1) |
openjdk-6 | oneiric | Released (6b23~pre11-0ubuntu1.11.10.2) |
openjdk-6 | precise | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | quantal | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | raring | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | saucy | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | trusty | Does not exist (trusty was not-affected [6b24-1.11.1-0ubuntu1]) |
openjdk-6 | upstream | Needs triage |
openjdk-6 | utopic | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | vivid | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | wily | Not vulnerable (6b24-1.11.1-0ubuntu1) |
openjdk-6 | xenial | Does not exist |
openjdk-6 | yakkety | Does not exist |
openjdk-6 | zesty | Does not exist |
openjdk-6b18 | artful | Does not exist |
openjdk-6b18 | bionic | Does not exist |
openjdk-6b18 | cosmic | Does not exist |
openjdk-6b18 | hardy | Does not exist |
openjdk-6b18 | lucid | Released (6b18-1.8.13-0ubuntu1~10.04.1) |
openjdk-6b18 | maverick | Released (6b18-1.8.13-0ubuntu1~10.10.1) |
openjdk-6b18 | natty | Released (6b18-1.8.13-0ubuntu1~11.04.1) |
openjdk-6b18 | oneiric | Ignored (end of life) |
openjdk-6b18 | precise | Does not exist |
openjdk-6b18 | quantal | Does not exist |
openjdk-6b18 | raring | Does not exist |
openjdk-6b18 | saucy | Does not exist |
openjdk-6b18 | trusty | Does not exist |
openjdk-6b18 | upstream | Needs triage |
openjdk-6b18 | utopic | Does not exist |
openjdk-6b18 | vivid | Does not exist |
openjdk-6b18 | wily | Does not exist |
openjdk-6b18 | xenial | Does not exist |
openjdk-6b18 | yakkety | Does not exist |
openjdk-6b18 | zesty | Does not exist |
sun-java6 | artful | Does not exist |
sun-java6 | bionic | Does not exist |
sun-java6 | cosmic | Does not exist |
sun-java6 | hardy | Ignored (end of life) |
sun-java6 | lucid | Does not exist |
sun-java6 | maverick | Does not exist |
sun-java6 | natty | Does not exist |
sun-java6 | oneiric | Does not exist |
sun-java6 | precise | Does not exist |
sun-java6 | quantal | Does not exist |
sun-java6 | raring | Does not exist |
sun-java6 | saucy | Does not exist |
sun-java6 | trusty | Does not exist |
sun-java6 | upstream | Needs triage |
sun-java6 | utopic | Does not exist |
sun-java6 | vivid | Does not exist |
sun-java6 | wily | Does not exist |
sun-java6 | xenial | Does not exist |
sun-java6 | yakkety | Does not exist |
sun-java6 | zesty | Does not exist |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
- http://www.kb.cert.org/vuls/id/903934
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.nruns.com/_downloads/advisory28122011.pdf
- https://ubuntu.com/security/notices/USN-1373-1
- https://ubuntu.com/security/notices/USN-1373-2
- NVD
- Launchpad
- Debian