Test ID:	1.3.6.1.4.1.25623.1.0.802409
Category:	Web Servers
Title:	Oracle GlassFish Server <= 3.1.1 Hash Collision DoS Vulnerability
Summary:	GlassFish Server is prone to a denial of service (DoS); vulnerability.
Description:	Summary: GlassFish Server is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error within a hash generation function when hashing form posts and updating a hash table. This can be exploited to cause a hash collision resulting in high CPU consumption via a specially crafted form sent in a HTTP POST request. Vulnerability Impact: Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted form sent in a HTTP POST request. Affected Software/OS: Oracle GlassFish version 3.1.1 and prior. Solution: Apply the updates from the referenced advisory. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-5035 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 Debian Security Information: DSA-2420 (Google Search) http://www.debian.org/security/2012/dsa-2420 http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02757 http://marc.info/?l=bugtraq&m=133364885411663&w=2 HPdes Security Advisory: HPSBUX02784 http://marc.info/?l=bugtraq&m=133847939902305&w=2 HPdes Security Advisory: SSRT100779 HPdes Security Advisory: SSRT100867 HPdes Security Advisory: SSRT100871 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html https://github.com/FireFart/HashCollision-DOS-POC/blob/master/HashtablePOC.py https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16908 RedHat Security Advisories: RHSA-2012:0514 http://rhn.redhat.com/errata/RHSA-2012-0514.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48073 http://secunia.com/advisories/48074 http://secunia.com/advisories/48589 http://secunia.com/advisories/48950 http://secunia.com/advisories/57126 SuSE Security Announcement: SUSE-SU-2012:0603 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.