Security Alert for CVE-2011-5035 Released

Hello, this is Eric Maurice.

Oracle just released a Security Alert for CVE-2011-5035.  In recent weeks, it was widely reported in the security community that a number of programming language implementations and web servers were vulnerable to hash table collision attacks.  US-CERT (United States Computer Emergency Readiness Team) has posted a detailed explanation of this issue (VU#903934) on its web site.

This vulnerability affects a significant number of products from Oracle and other vendors.  It is particularly severe as it could allow a malicious attacker to create a denial of service condition against the targeted system through an easy unauthenticated attack over the Internet.

Today’s Security Alert provides fixes to address this issue in Oracle WebLogic Server, Oracle iPlanet Web Server, and Oracle Containers for J2EE.  As usual, the availability of the fixes is noted in the Patch Availability Documents listed in the Security Alert Advisory.  Note that these fixes were not included in the January 2012 Critical Patch Update, which did, however, include the corresponding fix for Oracle GlassFish server.

Due to the threat posed by this vulnerability, particularly because of its ease of exploitation and the wide interest it has received in the hacking community, Oracle strongly recommends that customers apply this Security Alert as soon as possible.  Users of affected non-Oracle products should contact their respective vendor as soon as possible to obtain the appropriate fix.

For More Information:
The Advisory for Security Alert for CVE-2011-5035 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
