By Eric P. Maurice-Oracle on Mar 29, 2012
Hi, this is Eric Maurice again.
Oracle has just updated the Security Alert for CVE-2011-5035 to announce the availability of additional fixes for products that were affected by this vulnerability through their use of the WebLogic Server and Oracle Container for J2EE components. As explained in a previous blog entry, a number of programming language implementations and web servers were found vulnerable to hash table collision attacks. This vulnerability is typically remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, malicious attackers can use this vulnerability to create denial of service conditions against the targeted system.
A complete list of affected products and their versions, as well as instructions on how to obtain the fixes, are listed on the Security Alert Advisory. Oracle highly recommends that customers apply these fixes as soon as possible.