users@glassfish.java.net

Re: Security vulnerability (DOS attack caused by hash collision)

From: Oleksiy Stashok <oleksiy.stashok_at_oracle.com>
Date: Fri, 13 Jan 2012 17:19:53 +0100

The GlassFish 4 and 3.1.2 branches have this issue fixed.

GlassFish 3.1.2 is currently in hard code freeze state; the latest promoted
build can be downloaded here [1]. The release candidate has to be available
on 01/24/2012.

WBR,
Alexey.

[1] http://dlc.sun.com.edgesuite.net/glassfish/3.1.2/promoted/latest-glassfish.zip

On 01/13/2012 04:55 PM, forums_at_java.net wrote:
> A security vulnerability (DOS attack caused by hash collision) has been
> reported in GlassFish server.
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035 [1]
>
> A Critical Patch Update has been released for the commercial version.
> http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1 [2]
>
> Has anything been done to the open source version to solve the issue?
>
>
> [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035
> [2] http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1
>
> --
>
> [Message sent by forum member 'kclosure']
>
> View Post: http://forums.java.net/node/882696