Executive Summary

| Field | Value |
|---|---|
| Name | CVE-2011-5035 |
| Vendor | Cve |
| First vendor publication | 2011-12-29 |
| Last vendor modification | 2024-11-21 |
Security-Database Scoring CVSS v3

CVSS vector: N/A

| Metric | Value | Metric | Value |
|---|---|---|---|
| Overall CVSS Score | NA | | |
| Base Score | NA | Environmental Score | NA |
| Impact Sub Score | NA | Temporal Score | NA |
| Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

| Metric | Value | Metric | Value |
|---|---|---|---|
| CVSS Base Score | 5 | Attack Range | Network |
| CVSS Impact Score | 2.9 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail

Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Original Source

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
CWE : Common Weakness Enumeration

| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16908

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:16908 |
| Title | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server |
| Description | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. |
| Family | windows |
| Class | vulnerability |
| Reference(s) | CVE-2011-5035 |
| Version | 4 |
| Platform(s) | Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012 |
| Product(s) | Oracle WebLogic Server |

Definition Id: oval:org.mitre.oval:def:19408

| Field | Value |
|---|---|
| Oval ID | oval:org.mitre.oval:def:19408 |
| Title | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities |
| Description | Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. |
| Family | unix |
| Class | vulnerability |
| Reference(s) | CVE-2011-5035 |
| Version | 10 |
| Platform(s) | HP-UX 11 |
| Product(s) | |
CPE : Common Platform Enumeration
ExploitDB Exploits

| Date | Description |
|---|---|
| 2012-01-03 | PHP Hash Table Collision Proof Of Concept |
OpenVAS Exploits

| Date | Name | File |
|---|---|---|
| 2012-12-04 | Oracle Java SE Hash Collision DoS Vulnerability (Windows) | nvt/gb_oracle_java_se_hash_collision_dos_vuln_win.nasl |
| 2012-10-19 | Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 | nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-10-19 | Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 | nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-22 | Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 | nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-04 | Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 | nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
| 2012-08-30 | Fedora Update for java-1.7.0-openjdk FEDORA-2012-2595 | nvt/gb_fedora_2012_2595_java-1.7.0-openjdk_fc17.nasl |
| 2012-08-02 | SuSE Update for java-1_6_0-openjdk openSUSE-SU-2012:0309-1 (java-1_6_0-openjdk) | nvt/gb_suse_2012_0309_1.nasl |
| 2012-07-30 | CentOS Update for java CESA-2012:0135 centos6 | nvt/gb_CESA-2012_0135_java_centos6.nasl |
| 2012-07-09 | RedHat Update for java-1.6.0-openjdk RHSA-2012:0135-01 | nvt/gb_RHSA-2012_0135-01_java-1.6.0-openjdk.nasl |
| 2012-06-19 | Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 | nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-19 | Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 | nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-04-09 | Java Runtime Environment Multiple Vulnerabilities (MAC OS X) | nvt/gb_jre_mult_vuln_macosx.nasl |
| 2012-04-02 | Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690 | nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl |
| 2012-04-02 | Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711 | nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl |
| 2012-03-12 | Debian Security Advisory DSA 2420-1 (openjdk-6) | nvt/deb_2420_1.nasl |
| 2012-03-09 | Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 | nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-03-09 | Ubuntu Update for openjdk-6 USN-1373-1 | nvt/gb_ubuntu_USN_1373_1.nasl |
| 2012-03-07 | Ubuntu Update for openjdk-6b18 USN-1373-2 | nvt/gb_ubuntu_USN_1373_2.nasl |
| 2012-02-27 | RedHat Update for java-1.6.0-openjdk RHSA-2012:0322-01 | nvt/gb_RHSA-2012_0322-01_java-1.6.0-openjdk.nasl |
| 2012-02-21 | Mandriva Update for java-1.6.0-openjdk MDVSA-2012:021 (java-1.6.0-openjdk) | nvt/gb_mandriva_MDVSA_2012_021.nasl |
| 2012-01-12 | Apache Tomcat Hash Collision Denial Of Service Vulnerability | nvt/gb_apache_tomcat_hash_collision_dos_vuln_win.nasl |
| 2012-01-05 | Oracle GlassFish Server Hash Collision Denial of Service Vulnerability | nvt/gb_glassfish_hash_collision_dos_vuln.nasl |
| 2012-01-03 | PHP Web Form Hash Collision Denial of Service Vulnerability (Win) | nvt/gb_php_web_form_hash_collision_dos_vuln_win.nasl |
| 2011-12-30 | Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) | nvt/secpod_ms11-100.nasl |
Open Source Vulnerability Database (OSVDB)

| Id | Description |
|---|---|
| 78114 | Oracle GlassFish Server Hash Collision Form Parameter Parsing Remote DoS. Oracle GlassFish Server contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
Information Assurance Vulnerability Management (IAVM)

| Date | IAVM | Severity | VMSKEY |
|---|---|---|---|
| 2012-09-13 | 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1 | Category I | V0033793 |
| 2012-09-13 | 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 | Category I | V0033794 |
Nessus® Vulnerability Scanner

| Date | Name | File | Type |
|---|---|---|---|
| 2014-11-08 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2013-1455.nasl | ACT_GATHER_INFO |
| 2014-07-22 | The remote Windows host contains a programming platform that is affected by m... | oracle_jrockit_cpu_apr_2012.nasl | ACT_GATHER_INFO |
| 2014-06-30 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201406-32.nasl | ACT_GATHER_INFO |
| 2014-06-13 | The remote openSUSE host is missing a security update. | suse_11_4_java-1_6_0-openjdk-120222.nasl | ACT_GATHER_INFO |
| 2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2012-136.nasl | ACT_GATHER_INFO |
| 2014-01-27 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201401-30.nasl | ACT_GATHER_INFO |
| 2013-09-04 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2012-43.nasl | ACT_GATHER_INFO |
| 2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2012-0322.nasl | ACT_GATHER_INFO |
| 2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2012-0135.nasl | ACT_GATHER_INFO |
| 2013-06-05 | The remote host has a virtualization management application installed that is... | vmware_vcenter_vmsa-2012-0013.nasl | ACT_GATHER_INFO |
| 2013-02-22 | The remote Unix host contains a programming platform that is affected by mult... | oracle_java_cpu_feb_2012_unix.nasl | ACT_GATHER_INFO |
| 2013-01-25 | The remote SuSE 11 host is missing one or more security updates. | suse_11_java-1_6_0-ibm-120427.nasl | ACT_GATHER_INFO |
| 2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20120221_java_1_6_0_openjdk_on_SL5_x.nasl | ACT_GATHER_INFO |
| 2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20120216_java_1_6_0_sun_on_SL4_x.nasl | ACT_GATHER_INFO |
| 2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20120214_java_1_6_0_openjdk_on_SL6_x.nasl | ACT_GATHER_INFO |
| 2012-07-17 | The remote device has a denial of service vulnerability. | juniper_psn-2012-07-650.nasl | ACT_GATHER_INFO |
| 2012-04-25 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0514.nasl | ACT_GATHER_INFO |
| 2012-04-05 | The remote host has a version of Java that is affected by multiple vulnerabil... | macosx_java_10_7_2012-001.nasl | ACT_GATHER_INFO |
| 2012-04-05 | The remote host has a version of Java that is affected by multiple vulnerabil... | macosx_java_10_6_update7.nasl | ACT_GATHER_INFO |
| 2012-03-19 | A web-based application running on the remote Windows host is affected by a d... | coldfusion_win_apsb12-06.nasl | ACT_GATHER_INFO |
| 2012-03-01 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-1373-2.nasl | ACT_GATHER_INFO |
| 2012-02-29 | The remote Fedora host is missing a security update. | fedora_2012-2595.nasl | ACT_GATHER_INFO |
| 2012-02-29 | The remote Debian host is missing a security-related update. | debian_DSA-2420.nasl | ACT_GATHER_INFO |
| 2012-02-28 | The remote SuSE 11 host is missing one or more security updates. | suse_11_java-1_6_0-openjdk-120220.nasl | ACT_GATHER_INFO |
| 2012-02-27 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-1373-1.nasl | ACT_GATHER_INFO |
| 2012-02-22 | The remote web server is affected by a denial of service vulnerability. | glassfish_cve-2011-5035.nasl | ACT_GATHER_INFO |
| 2012-02-22 | The remote Fedora host is missing a security update. | fedora_2012-1721.nasl | ACT_GATHER_INFO |
| 2012-02-22 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0322.nasl | ACT_GATHER_INFO |
| 2012-02-20 | The remote Fedora host is missing a security update. | fedora_2012-1711.nasl | ACT_GATHER_INFO |
| 2012-02-20 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2012-021.nasl | ACT_GATHER_INFO |
| 2012-02-17 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0139.nasl | ACT_GATHER_INFO |
| 2012-02-16 | The remote Fedora host is missing a security update. | fedora_2012-1690.nasl | ACT_GATHER_INFO |
| 2012-02-16 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2012-0135.nasl | ACT_GATHER_INFO |
| 2012-02-15 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0135.nasl | ACT_GATHER_INFO |
| 2012-02-15 | The remote Windows host contains a programming platform that is affected by m... | oracle_java_cpu_feb_2012.nasl | ACT_GATHER_INFO |
| 2012-01-13 | The remote web server is affected by a denial of service vulnerability. | tomcat_5_5_35.nasl | ACT_GATHER_INFO |
| 2012-01-13 | The remote web server is affected by a denial of service vulnerability. | tomcat_7_0_23.nasl | ACT_GATHER_INFO |
| 2011-12-29 | The version of ASP.NET Framework installed on the remote host is affected by ... | smb_nt_ms11-100.nasl | ACT_GATHER_INFO |
| 2011-12-12 | The remote web server is affected by multiple vulnerabilities. | tomcat_6_0_35.nasl | ACT_GATHER_INFO |
| 2009-01-19 | The remote host is missing Sun Security Patch number 128641-30 | solaris9_x86_128641.nasl | ACT_GATHER_INFO |
| 2009-01-19 | The remote host is missing Sun Security Patch number 128640-30 | solaris9_128640.nasl | ACT_GATHER_INFO |
| 2009-01-19 | The remote host is missing Sun Security Patch number 128641-30 | solaris10_x86_128641.nasl | ACT_GATHER_INFO |
| 2009-01-19 | The remote host is missing Sun Security Patch number 128640-30 | solaris10_128640.nasl | ACT_GATHER_INFO |
| 2007-10-18 | The remote host is missing Sun Security Patch number 124672-20 | solaris8_124672.nasl | ACT_GATHER_INFO |
| 2007-10-17 | The remote host is missing Sun Security Patch number 124673-20 | solaris9_x86_124673.nasl | ACT_GATHER_INFO |
| 2007-10-17 | The remote host is missing Sun Security Patch number 124672-20 | solaris9_124672.nasl | ACT_GATHER_INFO |
| 2007-10-17 | The remote host is missing Sun Security Patch number 124673-20 | solaris10_x86_124673.nasl | ACT_GATHER_INFO |
| 2007-10-17 | The remote host is missing Sun Security Patch number 124672-20 | solaris10_124672.nasl | ACT_GATHER_INFO |
Sources (Detail)
Alert History

| Date | Information |
|---|---|
| 2024-11-28 23:03:12 | |
| 2024-11-28 12:28:10 | |
| 2021-05-05 01:09:37 | |
| 2021-05-04 12:18:04 | |
| 2021-04-22 01:21:21 | |
| 2020-05-23 13:16:58 | |
| 2020-05-23 01:47:43 | |
| 2020-05-23 00:32:25 | |
| 2019-03-19 12:04:45 | |
| 2018-01-06 09:21:18 | |
| 2018-01-05 09:23:09 | |
| 2017-12-29 09:21:57 | |
| 2017-12-22 09:21:05 | |
| 2017-09-19 09:25:06 | |
| 2017-07-22 12:02:04 | |
| 2016-08-23 09:24:45 | |
| 2016-04-26 21:19:37 | |
| 2016-03-10 05:23:42 | |
| 2016-03-10 00:44:24 | |
| 2015-05-21 13:29:24 | |
| 2014-11-08 13:29:56 | |
| 2014-10-04 09:25:26 | |
| 2014-07-23 13:24:40 | |
| 2014-07-01 13:24:59 | |
| 2014-06-14 13:32:03 | |
| 2014-03-18 13:22:08 | |
| 2014-03-08 13:21:51 | |
| 2014-02-17 11:06:39 | |
| 2014-02-07 13:19:54 | |
| 2013-11-11 12:39:40 | |
| 2013-11-04 21:21:58 | |
| 2013-10-31 13:19:07 | |
| 2013-10-11 13:23:13 | |
| 2013-05-10 23:12:17 | |
| 2013-02-15 13:20:13 | |
| 2013-01-18 13:19:17 | |