Re: Security vulnerability (DOS attack caused by hash collision)

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Sathyan Catari <Sathyan.Catari_at_oracle.com>
Date: Fri, 13 Jan 2012 08:59:34 -0800

Fixes integrated into 3.1.1 Patch 2 will be rolled into 3.1.2 as applicable.
GlassFish 3.1.2 has been scheduled to release in the first quarter of
CY2012.
Please stay tuned for updates in http://blogs.oracle.com/theaquarium/

Thanks
Sathyan

On 1/13/12 7:55 AM, forums_at_java.net wrote:
> A security vulnerability (DOS attack caused by hash collision) has been
> reported in GlassFish
> server. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035 [1]
>
> A Critical Patch Update has been released for the commercial
> version. http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1
>
> [2]
>
> Has anything been done to the open source version to solve the issue?
>
>
> [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5035
> [2]
> http://blogs.oracle.com/GlassFishForBusiness/entry/oracle_glassfish_server_3_1
>
> --
>
> [Message sent by forum member 'kclosure']
>
> View Post: http://forums.java.net/node/882696
>
>