users@glassfish.java.net

Security vulnerability (DOS attack caused by hash collision)

From: <forums_at_java.net>
Date: Fri, 13 Jan 2012 09:55:36 -0600 (CST)

A security vulnerability (DOS attack caused by hash collision) has been
reported in GlassFish
server. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035 [1]

A Critical Patch Update has been released for the commercial
version. http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1
[2]

Has anything been done to the open source version to solve the issue?


[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035
[2]
http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1

--
[Message sent by forum member 'kclosure']
View Post: http://forums.java.net/node/882696