Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability

Security Info

Security Discussion

Proof of Concept and Security Exploits

• /data/vulnerabilities/exploits/HashCollision-DoS-Java-POC.zip

Security Solution(s)

Security References(s)

• n.runs-SA-2011.004 28-Dec-2011 (n.runs AG)
  
• Oracle GlassFish Server (Oracle)
  
• Oracle Security Alert for CVE-2011-5035 (Oracle)
  
• #2011-003 multiple implementations denial-of-service via hash algorithm collisio (oCERT)
  
• Oracle Critical Patch Update Advisory - January 2012 (Oracle)
  
• Oracle Java SE Critical Patch Update Advisory - February 2012 (Oracle)